Skip to main content

Colorado Department of Health Care Policy & Financing Data Breach

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

The Lyon Firm is investigating HCPF – Colorado Department of Health Care Policy & Financing data breach claims that may be impacting millions of individuals. When personal data is compromised due to negligence, victims may seek legal action.

The Colorado Department of Health Care Policy & Financing (HCPF) has begun alerting over 4,000,000 individuals of a data breach that could have impacted their personal and health information.

Colorado HCPF is a state government agency that manages the Health First Colorado (Medicaid) and Child Health Plan Plus programs. The HCPF also provides support for low-income families, the aging population, and Colorado residents with disabilities.

HCPF says their systems were not directly compromised, though the data was exposed through their contractor which utilized the MOVEit software.

For all individuals that receive a data breach notification, HPCF is providing two years of credit monitoring services via Experian. Further compensation may be warranted and our lawyers can discuss potential legal action.

This breach comes shortly after the Department of Higher Education (CDHE) in Colorado disclosed a massive data breach caused by a ransomware attack.

In July 2023, the Colorado State University said a data breach resulting from the same MOVEit incident is impacting tens of thousands of students and academic staff

What HCPF Data is at Risk?

The initial investigation revealed that hackers managed to access and likely exfiltrate files that contained Health First Colorado and CHP+ members’ information, which could have included:

  • Names
  • Social Security Numbers
  • Medicaid ID number
  • Medicare ID number
  • Date of Birth
  • Home address
  • Income information
  • Demographic data
  • Clinical data (diagnosis, lab results, treatment, medication)
  • Health insurance information

If you received a data breach notification from the Colorado Department of Health Care Policy & Financing, contact our lawyers to better understand what is at risk and what you can do following a data breach incident. Data theft lawyers can help you learn more about how to protect yourself in the future and to discuss possible compensation.

What Do We Know About the MOVEit Breach?

The Clop ransomware group has stolen the personal data of at least 41 million individuals. That number is expected to rise. Due to the size of the data breach, it will take time to know the full scope and details of the incident.

The Clop ransomware gang exploited the MOVEit Transfer zero-day in a hacking campaign that impacted at least 600 organizations worldwide.

Contact The Lyon Firm with questions about legal action following any data breach incident. Our lawyers are involved in numerous data security cases and have filed data breach lawsuits on behalf of victims nationwide.