// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Colorado Department of Health Care Policy & Financing
Breach Record

Colorado Department of Health Care Policy & Financing

DISCLOSED 2023-08-14 · UNPATCHED CVE · 4,000,000 RECORDS EXPOSED

The Colorado Department of Health Care Policy & Financing disclosed a data breach affecting 4 million individuals after the Cl0p ransomware group exploited a vulnerability in IBM's MOVEit Transfer software. The exposed data includes personal and health information. The attack is part of a broader campaign targeting MOVEit users.

The record

What we know

Disclosed
2023-08-14
Attack vector
Unpatched Cve
Sector
Government
Country
US
Records exposed
4,000,000
Data classes exposed
personal informationhealth information
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The breach involved a server-side application vulnerability, not an endpoint compromise, so a positive-security allowlist model on endpoints would likely not have prevented it.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other unpatched cve breaches on file

This page is the permanent ColdRecon entry for the Colorado Department of Health Care Policy & Financing disclosure. It updates if new public reporting emerges. All tracked breaches →

Colorado Department of Health Care Policy & Financing just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →