Helpful Articles

Console & Associates, P.C.: CareSource Data Breach Related to MOVEit Impacts Over 3 million Customers

As many as 3 million customers of CareSource have been impacted by a MOVEit-related data breach. This news comes from a July 27, 2023, report the company filed with the U.S. Department of Health and Human Services Office for Civil Rights. The notice reports that while not all victims of the breach were affected equally, the types of data stolen include names, Social Security numbers, dates of birth, and various forms of medical and health information.

If you’re associated with CareSource, you should have received a data breach notification from the company. This notification will contain key details about your leaked information. From there, you can refer to our Guide for Victims of Data Breaches to take steps to protect yourself. If you want to consider a CareSource data breach lawsuit, you can call 866-778-5500 or send us an email to to schedule a free consultation.

To learn more about the CareSource data breach, read our blog post here:

The Cause of the MOVEit / CareSource Data Breach

The data breach impacting CareSource customers has its roots in a broader phenomenon that’s already impacted tens of millions. Namely, a popular secure file transfer tool, MOVEit is in use by many third-party vendors and companies that handle sensitive data. However, MOVEit developer Progress Software went forward to announce that the tool had a major day-zero vulnerability in late May, 2023.

Ever since then, a steady flow of data breach reports has come out, with a count of victims in the tens of millions and growing. A common thread in most of the MOVEit data breaches is that it was the tool that was compromised, rather than the individual company networks. This is also true for CareSource, as all of their compromised data in this case comes down to exposure via the MOVEit file transfer tool.

On May 31st, CareSource first learned of the MOVEit security problems and took initial steps to secure their data and prevent any further vulnerability. On the next day, the company installed the patch that Progress Software released and the CareSource data breach investigation began. Partway through the investigation, ransomware group Clop issued a statement that it had been able to obtain CareSource’s data.

By July 27, 2023, the investigation had come to a close and confirmed a major data breach at CareSource. Namely, information relating to three million individuals had been compromised. The exact information compromised varies from person to person, but it may include:


?      Name

?      Social Security number

?      Address

?      Gender

?      Date of birth

?      Health insurance information

?      Medical information

If the data breach impacted you, you should receive a letter detailing exactly what information was compromised.

More Information About CareSource

CareSource is a nonprofit, Dayton, Ohio-based, multi-state health plan that was founded in 1989. It provides insurance plan offerings on the Health Insurance Marketplace as well as Medicaid-related health coverage. The company operates across six states with more than 4,500 employees, two million active members, and an annual revenue of around $12.4 billion.

This puts CareSource in a position of responsibility for safeguarding vast amounts of sensitive information, and their failure to do so may put you at risk for identity theft. If you’re considering a CareSource data breach lawsuit, the law firm of Console & Associates can help. We’re well-versed and experienced in data breach cases, and we can help you get the compensation that your financial loss and emotional hardship deserve. Call 866-778-5500 or send us an email to to schedule a free consultation, learn your rights, and take the next step forward.

About the Author
Richard Console
Posted - 08/28/2023