DAYTON, Ohio--(BUSINESS WIRE)--CareSource, a nationally recognized nonprofit health plan, today announced resources to assist members who were impacted by a cybersecurity incident that threatened more than 700 organizations worldwide. CareSource will provide complimentary credit monitoring to members whose data may have been comprised by CL0P, a Russia-based ransomware gang that exploited a vulnerability in the MOVEit file transfer system. CareSource members will have access to credit and identity monitoring for two years, including fraud consultation and identity theft restoration.
“We take the security and sensitive nature of our member data seriously and quickly took steps to address the incident, including retaining a leading cybersecurity firm,” said Anne Fogler AVP, Privacy and Compliance, CareSource. “Our cybersecurity teams and third-party experts analyzed the incident and worked to identify the impacted individuals. We are notifying these members and are committed to helping them safeguard their information by providing resources and services to protect and monitor their personal data.”
This week, CareSource will begin mailing notices to affected members, which will include details about how to register for credit monitoring and where to find additional information for safeguarding data. CareSource encourages members whose data was involved in the incident to actively monitor their credit reports using these resources. In addition to notifying members, CareSource also informed state and federal officials and continues to work closely with law enforcement on this matter.
Approximately 45 million people and more than 700 organizations worldwide, including governments, banks, educational institutions and businesses, have been impacted by the hack of the MOVEit program, which is used by organizations to transfer large amounts of often sensitive information. While the attack occurred on May 31, because of the sophisticated manner in which it was conducted, CareSource’s use of all available security and investigative tools detected that member data was compromised on June 27. CareSource member data that has been compromised due to the vulnerability in the MOVEit system includes member identification numbers, names, addresses, dates of birth, emails, phone numbers, gender, social security numbers, plan name, and aspects of health condition.
For more information and to learn about other available resources, members should call 1-866-764-7020 Monday through Friday from 9 a.m. to 6:30 p.m. ET.
CareSource is a nonprofit, nationally recognized managed care organization with over 2.3 million members. Headquartered in Dayton, Ohio since its founding in 1989, CareSource administers one of the largest Medicaid managed care plans in the U.S. The organization offers health insurance, including Medicaid, Health Insurance Marketplace and Medicare products. As a mission-driven organization, CareSource is transforming health care with innovative programs that address the social determinants of health, health equity, prevention and access to care.