Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Breach
2023
CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

Table of Contents

Incident Details

CBIZ KA, a third-party provider for Prime Healthcare, has detected a security issue related to their use of MOVEit Transfer software, which was recently found to have a security flaw. Although Prime's systems were not directly impacted by this incident, CBIZ KA uses MOVEit Transfer for secure data file transfers as part of its standard operations. Following the discovery, CBIZ KA initiated an investigation, with the support of cybersecurity experts, to assess the extent and nature of the vulnerability in MOVEit. On September 20, 2023, CBIZ KA shared patient files with Prime Healthcare that included personal information such as names, dates of birth, addresses, medical record numbers, Social Security Numbers, admission and discharge dates for select patients. The security flaw in the MOVEit Transfer server has since been addressed. CBIZ KA has also reviewed its vendor protocols to enhance preventive measures against similar incidents in the future. For individuals whose Social Security Numbers may have been compromised, CBIZ KA is providing free credit monitoring and identity protection services through Kroll. If you suspect being affected by this incident and have not received a notification by December 13th, please contact (866) 547-6909 between 9:00 a.m. to 6:30 p.m. Eastern Time, Monday through Friday.

Incident

How Did the Breach Happen?

There was a security breach at CBIZ KA caused by a vulnerability in the MOVEit Transfer software, used for securely transferring data files. This vulnerability enabled unauthorized parties to access personal information stored in the data files.

What Data has been Compromised?

The data breach involved personal information such as names and potentially one or more of the following for specific individuals: birthdate, residence, medical identification number, Social Security Number, hospital admission and discharge dates.

Why Did the company's Security Measures Fail?

The security protocols of the company were compromised as a result of a security flaw in the MOVEit Transfer software, enabling unauthorized parties to gain access to the data files.

What Immediate Impact Did the Breach Have on the company?

The breach resulted in unauthorized entry and potential disclosure of confidential patient data, risking reputational harm and erosion of customer confidence.

How could this have been prevented?

Regularly updating and patching the MOVEit Transfer software, along with implementing multi-factor authentication and conducting security audits on a regular basis, could have played a crucial role in preventing this breach. These measures would help address security vulnerabilities and bolster the overall security posture effectively.

What have we learned from this data breach?

The significance of keeping software up-to-date and fixing security flaws is emphasized by this instance of a data breach. It also shows the necessity of strong security practices like employing multi-factor authentication to safeguard confidential information.

Summary of Coverage

A security vulnerability in the MOVEit Transfer software led to a data breach at CBIZ KA, a vendor serving Prime Healthcare. This breach allowed unauthorized access to patient data, which includes personal information. CBIZ KA has responded by addressing the vulnerability, and is providing credit monitoring and identity protection services to those impacted.

Is your System Free of Underlying Vulnerabilities?
Find Out Now