Colorado state office data accessed during worldwide cybersecurity incident

Files containing names, Social Security numbers and medical information were accessed by an "unauthorized actor" in late May, the Colorado Department of Health Care Policy and Financing announced Friday. 

The affected files contained information of certain Health Fire Colorado and CHP+ members. The agency did not specify how many files or members were involved. 

The affected files were on a MOVEit® Transfer application used by IBM, a third-party vendor which uses the application "to move HCPF data files in the normal course of business," HCPF stated in a press release.

According to HCPF, the incident impacted users around the world, including IMB. 

The information in the affected files may have included one or more of the following pieces of information for certain individuals: full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home address and other contact information, demographic or income information, clinical and medical information (such as diagnosis/condition, lab results, medication, or other treatment information), and health insurance information.   

Individuals who may have had their information exposed are being offered two years of free credit monitoring and identity restoration services.  

"HCPF and its vendors are reviewing their policies, procedures and cybersecurity safeguards to further protect their systems," the agency stated. 

HCPF confirmed that its computer systems were not damaged by the data breach.  

Another Colorado state agency, the Department of Higher Education, was hit by a ransomware attack in June.