On August 8, 2023, a third-party data breach was reported by the Missouri Department of Social Services (“DSS”), which impacted the MOVEit server of IBM Consulting – one of its vendors. The incident was found after IBM identified unauthorized access into its system that eventually led to the compromise of consumers’ sensitive information, including protected health information.
This revelation undeniably emphasized the significance of robust data protection security, particularly in organizations dealing with delicate information, such as health records of individuals. The vulnerable server belonged to IBM Consulting, a top IT consulting firm that provides various technology and consulting services to numerous clients globally.
Upon identifying the breach, DSS immediately posted a notice on its website to inform about the incident publicly. The notice elaborated that the unauthorized party gained access and could potentially misuse the consumers’ protected health information. This comes under the purview of sensitive information, urging organizations to immediately address any such security loopholes.
The incident raises several legal questions regarding data protection and privacy as both are increasingly valuable commodities in the digital age. The robustness of systems to protect such data, along with the mechanisms employed by organizations upon a data breach, remains a point of discussion going ahead.
As a response to the breach, it is expected that DSS along with IBM Consulting will be taking necessary steps to not only recover and secure the leaked data but also to fortify their security measures to prevent such incidents in the future. The legal professionals globally will be looking upon this case closely to glean insights into third-party data breaches, vendors’ response, and the legal implications associated with it.
Further developments and updates regarding the incident will be closely monitored and communicated to the relevant audience.