Hackers breached the computer system of a technology contractor to the Oregon Health Plan and other healthcare operations and gained access to the personal information of as many as 1.7 million clients.
PH Tech disclosed Tuesday that a “coordinated attack” by hackers led to the breach. The company suspected there had been a breach in June. The firm said it suspects the hack took place on May 30.
Information exposed is believed to include some personal information, including names, dates of birth, social security numbers, mailing addresses and email addresses, as well as health records that could include diagnoses, procedures, claims and member and plan ID numbers.
The hackers broke into the PH Tech computer system through a security vulnerability in Progress MOVEit software that several state agencies use. This is the second time hackers have cracked into Oregon state agency computer systems through that software.
The Oregon Department of Transportation announced in June that the state DMV had fallen victim to the hackers and that all holders of Oregon driver’s licenses could have their personal information breached.
Related: What to do if you might be affected by the Oregon DMV hack
PH Tech provides services to many coordinated care organizations, which provide preventative and support services to Oregon Health Plan members, to help manage member data.
PH Tech began mailing notification letters on July 31 to people whose data was exposed. The letters will include an offer of free credit monitoring.
“We’re urging OHP members to activate credit monitoring as a precaution,” said Dave Baden, interim director at the Oregon Health Authority. “It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already. However, there are important steps that OHP members can take to further protect their data.”
State officials warned that impacted customers should carefully monitor any activity on their credit report. State officials said PH Tech will notify members of the Oregon Health Plan and the impacted CCOs how to activate 12 months of free identity theft protection.
— Jeff Manning, jmanning@oregonian.com
