The Colorado Department of Health Care Policy & Financing (HCPF) reported a data breach involving Progress Software on August 11, 2023. The breach, which occurred on or about May 28, 2023, involved unauthorized access to files containing personal and protected health information of HCPF members due to a vulnerability in the MOVEit® Transfer application used by IBM. The specific number of affected individuals is currently unknown.
TPRM report: https://www.rankiteo.com/company/colorado-department-of-health-care-policy-and-financing
"id": "col452072625",
"linkid": "colorado-department-of-health-care-policy-and-financing",
"type": "Vulnerability",
"date": "5/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Colorado',
'name': 'Colorado Department of Health Care Policy & '
'Financing',
'type': 'Government Agency'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Protected Health Information']},
'date_detected': '2023-05-28',
'date_publicly_disclosed': '2023-08-11',
'description': 'The Colorado Department of Health Care Policy & Financing '
'(HCPF) reported a data breach involving Progress Software on '
'August 11, 2023. The breach, which occurred on or about May '
'28, 2023, involved unauthorized access to files containing '
'personal and protected health information of HCPF members due '
'to a vulnerability in the MOVEit® Transfer application used '
'by IBM.',
'impact': {'data_compromised': ['Personal Information',
'Protected Health Information'],
'systems_affected': ['MOVEit® Transfer application']},
'references': [{'source': 'Colorado Department of Health Care Policy & '
'Financing'}],
'title': 'Data Breach at Colorado Department of Health Care Policy & '
'Financing',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit® Transfer application vulnerability'}