The Missouri Department of Social Services released an advisory statement on Aug. 8 in response to IBM Consulting's data security incident involving Progress Software's MOVEit Transfer software.
IBM uses MOVEit Transfer and provides services to DSS, which is the state agency responsible for granting eligible Missourians Medicaid services. While the data vulnerability did not directly impact any DSS systems, it did impact data belonging to the DSS.
On June 2, IBM informed DSS of the security breach, made software fixes and halted the use of the MOVEit Transfer application. DSS began an investigation immediately and discovered the files accessed by an unauthorized user may have contained Medicaid participant protected health information.
The breached health information may include individuals' names, department client numbers, dates of birth, possible benefit eligibility statuses or coverages and medical claims information.
DSS made a copy of the files presumed to be accessed and is analyzing the contents. While this analysis is taking place, letters providing information on obtaining a free credit report and recommended security steps are being sent to people whose information was potentially exposed.