Hacking case hits 134,000 enrolled in certain state run health care programs

If you participate in certain programs run through the Massachusetts Executive Office of Health and Human Services, you may have been notified you were part of massive hacking. More than 134,000 Massachusetts residents who are currently enrolled in certain state programs and services (or were enrolled in the last few years) had their personal information involved in a recent global third-party data security incident.

This incident was part of a worldwide data security incident involving a file-transfer software program called MOVEit, which has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations.

The University of Massachusetts Chan Medical School provides services to the Executive Office of Health and Human Services (EOHHS). MOVEit was used to transfer files as part of the services provided by UMass Chan to certain EOHHS agencies and programs. Impacted individuals are a subset of current or recent participants in these programs. Those programs include State Supplement Program (SSP) participants (including recipients, other members of the household and authorized representatives), MassHealth Premium Assistance members, MassHealth Community Case Management participants, and Executive Office of Elder Affairs (EOEA) and Aging Services Access Points (ASAP) home care program consumers were primarily impacted. If you do not participate in one of those programs, it is unlikely your data was exposed.

If you did receive a notice, you are encouraged to take steps to protect your information, including monitoring your financial account statements and enrolling in free credit monitoring and identity theft protection offered to individuals whose Social Security numbers or financial information was exposed.


While the information involved in the data security incident varied by person, it included names and one or more of the following:

· Dates of birth
· Mailing addresses
· Protected health information, i.e., diagnosis/treatment information, prescription information, provider names, dates of service, claims information, health insurance member ID numbers, and other health insurance related information
· Social Security numbers
· Financial account information

Beginning on August 15, 2023, people whose information was involved will receive letters from the Commonwealth of Massachusetts and UMass Chan. The letter explains what data was impacted for each individual, the actions taken in response to the MOVEit incident and detailed steps that individuals can take to protect their information which includes free credit monitoring.

Individuals who receive notification that their data is involved and have further questions may call 855-862-7769, Monday through Friday, from 9:00 a.m. to 5:00 p.m.

If you would like more information about the MOVEit hack and it’s impact on programs go to: mass.gov/moveitincident