On August 11, 2023, the Colorado Department of Health Care Policy and Financing (HCPF) reported a data breach involving Health First Colorado and Child Health Plan Plus (CHP+) members. The breach occurred on or about May 28, 2023, when certain HCPF files accessed through the MOVEit application by IBM were compromised, potentially exposing personal and protected health information but confirmed not to affect HCPF or State of Colorado systems directly.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-571694
TPRM report: https://www.rankiteo.com/company/colorado-department-of-health-care-policy-and-financing
"id": "col302072525",
"linkid": "colorado-department-of-health-care-policy-and-financing",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': ['Health First Colorado members',
'Child Health Plan Plus (CHP+) '
'members'],
'industry': 'Healthcare',
'location': 'Colorado, USA',
'name': 'Colorado Department of Health Care Policy and '
'Financing (HCPF)',
'type': 'Government Agency'}],
'attack_vector': 'Compromised Application',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Protected Health Information']},
'date_detected': '2023-05-28',
'date_publicly_disclosed': '2023-08-11',
'description': 'A data breach involving Health First Colorado and Child '
'Health Plan Plus (CHP+) members occurred on or about May 28, '
'2023, when certain HCPF files accessed through the MOVEit '
'application by IBM were compromised.',
'impact': {'data_compromised': ['Personal Information',
'Protected Health Information']},
'initial_access_broker': {'entry_point': 'MOVEit application by IBM'},
'references': [{'source': 'Colorado Department of Health Care Policy and '
'Financing (HCPF)'}],
'title': 'Colorado HCPF Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit application by IBM'}