CBIZ KA Consulting Services, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

CBIZ KA Consulting Services, LLC, a company based in East Windsor, NJ, experienced a significant data breach as part of the MOVEit data breach incident. This breach was linked to Prime Healthcare through CBIZ KA, which served as Prime Healthcare’s revenue cycle management vendor. The breach occurred due to a zero-day vulnerability in Progress Software’s MOVEit Transfer solution, which was exploited by a Russian-linked ransomware hacking group in late May 2023. The unauthorized access to the MOVEit Transfer server happened between May 29 and June 5, 2023, during which certain files were downloaded by an unauthorized party[1][3].

The breach affected nine Prime Healthcare hospitals across the United States, including facilities in New Jersey, Pennsylvania, and other states. The compromised information varied by healthcare provider but may have included individuals’ names, dates of birth, service dates, diagnosis codes, health insurance details, medical record numbers, Social Security numbers, and more[1][3].

In response to the breach, CBIZ KA began mailing letters to affected individuals on November 10, 2023, and offered complimentary credit monitoring and identity protection services through Kroll for those whose Social Security numbers were involved. They also advised individuals to review statements from their healthcare providers and insurers for any services they did not receive[3].

To prevent future incidents, CBIZ KA has patched the identified vulnerability on the MOVEit Transfer server and taken steps to review and enhance their security protocols[1][3]. The company has been assisting hospitals and healthcare systems with reimbursement complexities since 1978, focusing on optimizing revenue and achieving compliance[5].

Affected individuals were advised to be vigilant for incidents of fraud or identity theft by reviewing their account statements and credit reports. They were also encouraged to contact the Federal Trade Commission and/or the Attorney General’s office in their state if they believe their personal information has been misused[3].

Citations:

  1. https://www.forthepeople.com/blog/9-prime-healthcare-hospitals-across-united-states-are-affected-moveit-data-breach/
  2. https://kpmg.com/xx/en/home.html
  3. https://theridgewoodblog.net/valley-health-system-vendor-experiences-a-data-breach/
  4. https://www.millerknoll.com
  5. https://www.cbiz.com/about-us/locations/company-details/cbiz-ka-consulting-services-llc-1
  6. https://www.stateauto.com
  7. https://www.hipaajournal.com/november-2023-healthcare-data-breach-report/
  8. https://www.linkedin.com/company/cbiz
  9. https://theridgewoodblog.net/nj/data-breach/
  10. https://www.linkedin.com/company/kaconsults
  11. https://hfmanj.org/images/downloads/Focus_Magazine/jan_feb_2011_final.pdf
  12. https://www.linkedin.com/showcase/cbiz-ka-consulting-services/
  13. https://kaconsults.cbiz.com
  14. https://www.linkedin.com/in/carrie-o-connor-9b841115
  15. https://breachdata.topwords.me/hipaa?limit=20&offset=120&sort=reported_date
Breach Submission Date Nov 10, 2023
Converted Entity Name CBIZ KA Consulting Services, LLC
Converted Entity Type Business Associate
State NJ
Individuals Affected 30,806
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes