CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has recently reported a security vulnerability. Prime takes the responsibility of safeguarding your information very seriously, and while Prime systems were not involved in the incident, CBIZ KA uses MOVEit Transfer to securely transfer data files in the normal course of business.
CBIZ KA promptly launched an investigation, with the assistance of cybersecurity professionals, into the nature and scope of the MOVEit vulnerability. On September 20, 2023 CBIZ KA sent Prime Healthcare the files of its patients involved, which contained the name and one or more of the following for certain patients: date of birth, address, medical record number, Social Security Number, admission date, and discharge date.
The identified vulnerability on the MOVEit Transfer server has been patched. CBIZ KA also reviewed the protocols in place with vendors to help prevent something like this from happening again.
For eligible individuals whose Social Security numbers may have been involved in the incident, CBIZ KA is offering complimentary credit monitoring and identity protection services through Kroll. If you believe you are affected by this incident and do not receive a notice letter by Wednesday, December 13th, please call (866) 547-6909, Monday through Friday, between 9:00 a.m. to 6:30 p.m. Eastern Time (excluding major U.S. holidays).