The Department of Health and Human Services has disclosed in its Breach Portal that a breach, which involved more than 600,000 individuals at Radius Global Solutions is being investigated as a law firm specializing in data breach class actions is looking for victims of the breach to be plaintiffs in a lawsuit against the company.
The breach was uncovered in June when Radius became aware of a vulnerability in a web transfer application called MOVEit, according to a notice that has been published on Radius’s website. Several thousand companies and government agencies use the application for transferring documents, Radius said in the announcement.
“Upon learning cybercriminals exploited the vulnerability, Radius immediately investigated its MOVEit database to assess its security and to identify any documents that may have been accessed by unauthorized actors,” the company said in the announcement. “After determining some documents were accessed, Radius conducted a comprehensive review of the impacted files to determine what information was present in the impacted files, to whom the information related, and contact information for applicable individuals.”
Affected individuals may have had their names, dates of birth, Social Security numbers compromised, along with patient treatment codes, treatment locations, and treatment payment histories.
After learning of the security flaw, conducting an investigation and notifying the relevant individuals, the company has continued to implement the necessary patches and measures to secure the MOVEit database, the company announced. Impacted individuals are eligible to receive 24 months of complimentary identity monitoring and protection services.
Other entities that have disclosed breaches as a result of the MOVEit vulnerability — described as a what could be “the most devastating exploitation of a zero-day vulnerability ever and one of the biggest cyberattacks ever — include the Department of Education, Siemens Energy, Ernst & Young, and UCLA.