PH Tech disclosed Tuesday that a “coordinated attack” by hackers led to the breach. The company suspected there had been a breach in June. The firm said it suspects the hack took place on May 30.
Information exposed is believed to include some personal information, including names, dates of birth, social security numbers, mailing addresses and email addresses, as well as health records that could include diagnoses, procedures, claims and member and plan ID numbers.
The hackers broke into the PH Tech computer system through a security vulnerability in Progress MOVEit software that several state agencies use. This is the second time hackers have accessed Oregonian’s personal data through that software.
The Oregon Department of Transportation announced in June that the state DMV had fallen victim to the hackers and that all holders of Oregon driver’s licenses could have their personal information breached.
PH Tech provides services to many coordinated care organizations, which provide preventative and support services to Oregon Health Plan members, to help manage member data.
PH Tech began mailing notification letters on July 31 to people whose data was exposed. The letters will include an offer of free credit monitoring.
“We’re urging OHP members to activate credit monitoring as a precaution,” said Dave Baden, interim director at the Oregon Health Authority. “It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already. However, there are important steps that OHP members can take to further protect their data.”
State officials warned that impacted customers should carefully monitor any activity on their credit report. State officials said PH Tech will notify members of the Oregon Health Plan and the impacted CCOs how to activate 12 months of free identity theft protection.
©2023 Advance Local Media LLC. Visit oregonlive.com. Distributed by Tribune Content Agency, LLC.