Oregon Health Plan Data Breach

On August 3rd, 2023, Oregon Health Plan (OHP) informed 1.7 million members of a data breach that originated at one of its vendors. The Oregon Health Plan was founded in 1993 in Oregon state by John Kitzhaber and Dr. Ralph Crawshaw. OHP is Oregon's Medicaid and Children's Health Insurance Program, providing health care coverage for working families, children, pregnant adults, single adults, and seniors and is overseen by the Oregon Health Authority. 

The breach came from PH TECH,  a tech company that offers a platform and administrative services for community health plans. The company suffered a breach due to a cyberattack on Progress Software’s MOVEit Transfer software earlier this year. Earlier this month, OHP notified its members that the PH TECH data breach may have affected their client's personal information. 

According to the tech company, following the notification from Progress Software, it immediately moved its system offline and informed the Federal Bureau of Investigation (FBI) of the incident. According to their investigation, they were able to determine that the unauthorized party used the MOVEit Transfer software and downloaded sensitive files that included the following information:

• Social Security numbers 
• Names
• Dates of birth
• Addresses
• Authorization information 
• Diagnosis and procedure codes 
• Member ID numbers
• Claim information

Since the data breach, PH TECH said that it disabled access to the platform, rebuilt how individuals can access the platform, and notified those individuals who were impacted by the breach. OHP is not the first to experience a data breach caused by the MOVEit Transfer software. Dozens of organizations all over the world, including  Allegheny County in Pennsylvania, UT Southwestern Medical Center, and Johns Hopkins All Children’s Hospital, have reported breaches stemming from a vulnerability in the MOVEit Transfer software. 

In a released statement by Dave Baden, interim director at the Oregon Health Authority, he said, “It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already.” Baden also went on to mention how their clients should take extra precautionary steps to secure their personal information. 

Understanding What Makes Data Breaches Dangerous

Data breaches can turn a company's system inside out, exposing thousands of individuals' private information. If you have received a data breach notification from OHP, it is imperative that you understand what a data breach is and what is at risk. According to IBM, a data breach is "any security incident in which unauthorized parties gain access to sensitive data or confidential information, including personal data (Social Security numbers, bank account numbers, healthcare data) or corporate data (customer data records, intellectual property, financial information)." 

Using this stolen data, unauthorized parties can use the information to commit crimes like identity theft, cause financial losses, ruin credit, and other frauds that can destabilize the life of any individual. This is why it is vital for victims to understand what they can do to protect themselves in the event unauthorized parties access their information during a data breach.

What Can You Do To Help Protect Yourself After a Data Breach?

Knowing what went wrong after a data breach is only half the battle. Victims of a data breach should know what they can do to help protect themselves in the chance they receive notice unauthorized parties have accessed their personal information. The first thing you should do if your information has been leaked is to notify your bank and freeze your credit report in order to prevent any harmful actions taken against you. Once you’ve secured your personal information, you should closely monitor your accounts and request credit reports to ensure no one is using your personal information but yourself.

For those who have been impacted by the OHP data breach, Baden encourages those individuals to enroll in ID theft recovery services. Victims of the OHP data breach can also expect to receive more information from PH TECH in the mail. Victims of data breaches should also contact an attorney to learn more about what else they can do to protect themselves, as well as what their legal options are.

Victims of the Oregon Health Plan Data Breach Should Contact a Class Action Attorney Today

Victims of the Oregon Health Plan data breach should contact a class action attorney today to learn more about how they can protect themselves and their loved ones from becoming a victim of fraud or identity theft. Speaking with an experienced class action attorney can help you better understand your legal options and help you determine your best course of action.

If your personal information has been leaked due to the Oregon Health Plan data breach, we may be able to help you. For more information about the Oregon Health Plan data breach, or if you or someone you know has been affected, we highly encourage you to contact a class action attorney today.