A security vulnerability in the MOVEit software, developed by Progress Software and used by WPS to transfer files in the provision of services to CMS, led to unauthorized access of personal information. Between May 27 and May 31, 2023, personally identifiable information (PII) of Medicare beneficiaries—collected for managing Medicare claims and CMS audits of healthcare providers—was compromised, affecting up to 946,801 individuals. WPS discovered and reported the breach to CMS, initiating notifications to the impacted parties.
TPRM report: https://scoringcyber.rankiteo.com/company/wps-health-insurance
"id": "wps001041225",
"linkid": "wps-health-insurance",
"type": "Vulnerability",
"date": "9/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '946,801',
'industry': 'Healthcare',
'name': 'WPS',
'type': 'Company'}],
'attack_vector': 'Software Vulnerability',
'data_breach': {'number_of_records_exposed': '946,801',
'personally_identifiable_information': True,
'type_of_data_compromised': 'PII'},
'description': 'A security vulnerability in the MOVEit software, developed by '
'Progress Software and used by WPS to transfer files in the '
'provision of services to CMS, led to unauthorized access of '
'personal information. Between May 27 and May 31, 2023, '
'personally identifiable information (PII) of Medicare '
'beneficiaries—collected for managing Medicare claims and CMS '
'audits of healthcare providers—was compromised, affecting up '
'to 946,801 individuals. WPS discovered and reported the '
'breach to CMS, initiating notifications to the impacted '
'parties.',
'impact': {'data_compromised': 'Personally Identifiable Information (PII)'},
'regulatory_compliance': {'regulatory_notifications': 'Reported to CMS'},
'response': {'communication_strategy': 'Notifications to impacted parties'},
'title': 'MOVEit Software Vulnerability Leads to Unauthorized Access of '
"Medicare Beneficiaries' PII",
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit software vulnerability'}