NASCO, a prominent healthcare software company, officially reported a data breach incident to the Attorney General of Massachusetts. The breach, which was attributed to a vulnerability within the secure file-transfer application MOVEit, allowed an unauthorized party to access specific information in the company’s possession. As part of their response, NASCO initiated an extensive investigation into the breach and subsequently began notifying affected individuals.
The incident came to light when NASCO revealed that an unauthorized party had gained access to sensitive consumer information. Following their internal inquiry, NASCO undertook the task of notifying all individuals whose information had been compromised during the data security incident. These notifications were aimed at providing clarity on the situation and guiding affected individuals on appropriate actions.
For individuals who have received data breach notifications from NASCO, understanding the potential risks and protective measures is vital. Seeking counsel from a data breach lawyer can be instrumental in addressing concerns related to fraud and identity theft. Legal options specific to the NASCO/MOVEit data breach are also a topic of discussion within legal circles. For comprehensive information, you can access our recent article on this matter.
Although the MOVEit/NASCO data breach was recently announced, additional information regarding the incident is expected to emerge in the near future. However, NASCO’s submission to the Massachusetts Attorney General furnishes essential insights into the breach’s origins. It was revealed that NASCO employed MOVEit, a third-party file-transfer software developed by Progress Software. On May 31, 2023, Progress Software disclosed a critical vulnerability in MOVEit, but NASCO was only made aware of the potential impact on their MOVEit server on July 12, 2023.
In response to this revelation, NASCO promptly secured its systems, including the decommissioning of its MOVEit server. An investigative process was initiated by NASCO to determine the extent of the breach and its implications on consumer information.
The results of the investigation confirmed that an unauthorized party gained access to NASCO’s MOVEit server on May 30, 2023, which housed confidential information pertaining to select health plan members. Notably, this incident did not involve a breach of NASCO’s core systems; the breach was limited to information stored on the MOVEit server.
Upon learning that sensitive consumer data had been accessed by an unauthorized entity, NASCO conducted a comprehensive review of the compromised files to identify the specific data that had been exposed and which consumers had been affected.
In October 2023, NASCO commenced the process of sending out data breach notification letters to those impacted by the recent data security breach. These letters will provide a detailed account of the compromised information pertaining to the affected individuals.