Baesman Group, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Baesman Group, Inc., a company based in Hilliard, Ohio, that provides CRM, customer loyalty, and marketing services, confirmed it had been affected by a cyberattack involving the MOVEit file transfer software. The breach occurred on May 29, 2023, and resulted from the mass exploitation of a zero-day vulnerability in the MOVEit software by the Clop threat actors. The vulnerability was identified and a patch was released on May 31, 2023, by Progress Software, but not before the data had been exfiltrated[1].

The compromised data included patient names, addresses, dates of birth, patient account numbers, dates of service, member ID numbers, and Social Security numbers. Baesman Group, Inc. has sent notification letters to the 4,000 individuals affected by the breach and offered complimentary credit monitoring and identity theft protection services[1].

This incident was part of a larger series of cyberattacks affecting numerous healthcare organizations, which exploited the same vulnerability in the MOVEit software. The Clop group exfiltrated data and issued ransom demands to prevent the release of stolen data on their leak site. The breach at Baesman Group, Inc. was reported to the HHS’ Office for Civil Rights as affecting at least 501 individuals[1][6].

The Baesman Group, Inc. incident is one among many that highlight the importance of timely software patching and the risks associated with third-party software vulnerabilities. It also underscores the need for robust cybersecurity measures and incident response plans to protect sensitive information[1][6][8].

Citations:

  1. https://www.hipaajournal.com/mississippi-health-system-investigating-cyberattack/
  2. https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html
  3. https://colevannote.com/investigations/
  4. https://www.upguard.com/security-report/baesman
  5. https://konbriefing.com/en-topics/cyber-attacks.html
  6. https://www.hipaajournal.com/august-2023-healthcare-data-breach-report/
  7. https://www.baesman.com/news-insights/4-healthcare-marketing-privacy-tips-hipaa-compliance
  8. https://www.blackfog.com/what-we-know-about-the-moveit-exploit/
  9. https://konbriefing.com/en-topics/cyber-attacks-usa.html
  10. https://blackkite.com/data-breaches-caused-by-third-parties/
  11. https://securetrust.io/cybersecurity-insights/recent-attacks/hipaa-data-breach-report-august-2023/
  12. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  13. https://www.calhipaa.com/healthcare-data-breach-report-for-august-2023/
Breach Submission Date Aug 17, 2023
Converted Entity Name Baesman Group, Inc.
Converted Entity Type Business Associate
State OH
Individuals Affected 24,757
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes