Supply chain [SC] Supply Chain

Vecino Health Centers, TX Third-Party Breach (June 2023)

2023-06-01 [vendor] Ipswitch, Inc.
Primary Source ↗

Incident Details

Missouri warns that health info was stolen in IBM MOVEit data breach. Missouri’s Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack. The attack was conducted by the Clop ransomware gang , who began hacking MOVEit Transfer servers on May 27th using a zero-day vulnerability tracked as CVE-2023-34362. These attacks allowed the threat actors to steal data from over 600 companies worldwide , including companies, educational orgs, federal government agencies, and local state agencies. Third-party company: Ipswitch, Inc..

Technical Details

Initial Attack Vector
Compromise of third-party service provider / vendor relationship
Vendor / Product
Ipswitch, Inc.
Supply Chain Attack
✅ Confirmed third-party / vendor compromise

Timeline

  1. 2023-06-01 Breach occurred
  2. 2023-08-09 Publicly disclosed