Supply chain
[SC] Supply Chain
Vecino Health Centers, TX Third-Party Breach (June 2023)
Primary Source ↗Incident Details
Missouri warns that health info was stolen in IBM MOVEit data breach. Missouri’s Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack. The attack was conducted by the Clop ransomware gang , who began hacking MOVEit Transfer servers on May 27th using a zero-day vulnerability tracked as CVE-2023-34362. These attacks allowed the threat actors to steal data from over 600 companies worldwide , including companies, educational orgs, federal government agencies, and local state agencies. Third-party company: Ipswitch, Inc..
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- Ipswitch, Inc.
- Supply Chain Attack
- ✅ Confirmed third-party / vendor compromise
Timeline
- 2023-06-01 Breach occurred
- 2023-08-09 Publicly disclosed