MOVEit Breaches have Lasting Impacts on Wisconsin Medicare

We’ve written before about last year’s MOVEit breach, or rather series of breaches, which were enabled by APIs.

The original MOVEit breach started with an injection against an API administrative endpoint, and then data was exfiltrated. It will go down as one of the largest and broadest API-enabled breaches of the past decade, and although it was uncovered last year, the effects are still being felt today.

Wisconsin Medicare

In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the MOVEit breaches of yesteryear. These victims have been notified, and Medicare is replacing their cards immediately with new numbers and urging them to inform their healthcare providers.

But how did this massive data breach go undetected for so long?

Last May, when the original attacks were first announced, Wisconsin Medicare applied the MOVEit patch and found no evidence that its data had been compromised. However, recent investigations revealed that files had been copied before the patch was applied.

Now, users are being urged to sign up for free credit monitoring and similar services to help protect their data in the future. But this may not be the last of it. If it took over a year for Wisconsin Medicare to realize they had been breached, there could be other victims who still don’t know their PII is compromised. This exposes yet another of the key challenges around off-the-shelf APIs that ship with commercial software: they often lack audit trails that can be relied upon in situations like this.

Implications

This breach highlights the dangers of API supply chain vulnerabilities. When many applications, groups or providers such as Wisconsin Medicare all rely on the same program (in this instance, MOVEit), one vulnerability can ripple out through the supply chain to all the connected companies.

If even one API in use is vulnerable, everyone in the chain is vulnerable. In this way, being interconnected is actually a liability, as it opens users up to even more risks via the original provider.

FireTail can help with your API security posture by giving you full visibility into your API landscape and all the APIs and endpoints in use. To see how it works, schedule a demo here or try out our free tier today.