More Oregonians Than Thought Affected By State Wide Cyber Security Breach

Portland, Ore. — PH TECH has notified affected customers about a security incident involving vendor Progress MOVEit and member information. On June 2, 2023, PH TECH learned that Progress MOVEit had a vulnerability that could allow attackers to access their system and download files. In response, PH TECH immediately took its system offline, launched an investigation with the help of a cybersecurity firm, and informed the FBI.

The investigation revealed that an unauthorized person used Progress MOVEit’s software to download PH TECH data files on May 30, 2023. On June 16, 2023, PH TECH confirmed that the data of some of its customers had been affected, including personal and protected health information such as names, dates of birth, social security numbers (SSNs), addresses, member ID numbers, plan ID numbers, email addresses, authorization information, diagnosis codes, procedure codes, and claim information.

PH TECH has taken several actions to address the incident, including disabling access to the platform, fixing the problem, and implementing improved access controls to prevent unauthorized access. The affected individuals have been notified, and they are being offered free identity theft protection services through IDX.

If you believe you may have been affected, you can contact IDX at (888) 498-1602, TTY/TDD 711, Monday through Friday from 6 a.m. – 6 p.m. Pacific Time, or visit https://response.idx.us/PHTECH. The deadline to enroll for the free IDX services is January 30, 2024.

Oregon Health Plan (OHP) members are among those affected by this data breach, but it’s important to note that state systems were not compromised. PH TECH is a private vendor that handles OHP member data for many Coordinated Care Organizations (CCOs). The breach occurred due to a security vulnerability in Progress MOVEit software, allowing attackers to access the personal information of approximately 1.7 million members.

PH TECH conducted extensive forensic analysis to identify the affected individuals, and notification letters offering free credit monitoring have been sent to impacted individuals starting from July 31. OHP members are urged to activate credit monitoring as a precaution and also request a free credit report from each of the three major consumer reporting companies (Equifax, TransUnion, and Experian) to help detect signs of identity theft.

If needed, OHP members can receive ID theft recovery services through PH TECH at no cost. For assistance, OHP members can contact PH TECH at 888-498-1602 or visit https://response.idx.us/PHTECH for more information.