Last Friday, October 13, Cognisight, LLC (“Cognisight”) filed a notice of data breach with the Attorney General of California on behalf of San Diego PACE after it discovered a vulnerability within the MOVEit file transfer tool that resulted in the exposure of consumers’ personal information. According to the report posted on Cognisight’s website, the data breach occurred earlier this year. Those affected by the breach may have had their name, social security number, treatment plans, and protected health information accessed. Below, we have provided you with a comprehensive timeline of the events since the start of the MOVEit data breach.
May 2023: Progress Software Corporation announces there has been a global attack where more than 2,550 organizations have been impacted via a data breach in their MOVEit file transfer tool by a ransomware operation known as Cl0p.
May 31, 2023: On the 31st, Cognisight learns of the attack on the file transfer tool called MOVEit. The company claims they immediately all stopped access to MOVEit and had a forensic investigation conducted to determine what occurred and whether any data was compromised.
June 5, 2023: Completed on June 5, 2023, the investigation determined that the files taken were from the MOVEit server. Once confirmed, Cognisight hired a third-party vendor to review the compromised files to determine what information was leaked and which consumers were impacted by the breach.
August 2, 2023: The review process was completed, and the company began to work with the impacted covered entities to provide notice to those affected individuals on their behalf.
October 13, 2023: Cognisight sent out data breach letters to anyone who was affected by the recent data security incident. In the letters, affected individuals will receive a list of what information belonging to them was compromised.
What is Consight Doing To Protect its Clients?
Cognisight claims they immediately stopped all access to the MOVEit service, securely restored their servers from backups, and applied the fixes provided by the MOVEit software provider, Progress. Currently, the company is working with those covered entities to obtain contact information in order to send letters to those whose personal information may have been affected due to the breach. The letters will contain more information about the incident and provide victims with instructions on enrolling in credit monitoring and identity restoration services free of cost.
In a notice on Cognisight’s website, the company has indicated that the MOVEit incident has also affected the following entities:
- Blue Cross and Blue Shield of Louisiana
- Mercy LIFE West Philadelphia
- Pacific PACE
- Saint Francis LIFE
- Saint Joseph PACE
- Sequoia PACE
- Stockton PACE
- Trinity Health LIFE New Jersey
Currently, Cognisight has received no indication that any personal information has been misused. However, the company sustains that individuals affected by the data breach should remain vigilant for incidents of identity theft or fraud. Cognisight recommends that affected individuals frequently review their bank accounts, financial statements, credit reports, and estimates of benefits for suspicious activity. Any incidents of identity theft should be reported to law enforcement or the attorney general.
Headquartered in Rochester, New York, Cognisight is a business services company that provides various support services to healthcare providers, offering the provision of risk adjustment services such as analytics, chart reviews, health assessments, RADV support, and initial validation audits. Cognisight is only the most recent company to announce they have been affected. The MOVEit data breach began in May of 2023, and since June 14, Clop has been posting company profiles of companies allegedly impacted by data breaches caused by the cyber attack.
For questions or concerns or to determine whether your information was impacted, consumers can contact Cognisight at 1-800-405-6108 Monday through Friday from 8:00 a.m. to 8:00 p.m. EDT. If you believe your information has been compromised due to the Cognisight data breach or through the other companies affected by the MOVEit data breach, we may be able to help you. To learn more about the ongoing MOVEit data breach, click here, or contact a Morgan & Morgan data breach attorney today by completing our free, no-obligation case evaluation form.