Helpful Articles

Console & Associates, P.C.: CHCPF Data Breach Investigation Reveals Four Million People from Colorado Impacted

The Colorado Department of Health Care Policy and Financing (“Colorado HCPF,” “CHCPF”) manages the health data of millions of Colorado citizens. According to a notice the organization filed with the Attorney General of Maine on August 11, 2023, the data of over four million people has been compromised due to a vendor using the MOVEit tool. The most worrying element of the leak is that Social Security numbers have been stolen, but other important data such as health information are lost as well. Consider reaching out to a CHCPF data breach lawyer for further guidance and counseling on your legal rights.

If the breach affected your data, you should receive a data breach notification from the CHCPF. Once you have this information, consult our Guide for Victims of Data Breaches to learn how to manage the risks you’ve been exposed to. After that, call 866-778-5500 or send us an email to to schedule a free consultation with our CHCPF data breach lawyers. At the law firm of Console & Associates, P.C., we can help you protect your identity and potentially pursue damages in a CHCPF data breach lawsuit.

To learn more about the CHCPF data breach, read our blog post here:

Cause of the CHCPF Data Breach

Currently, the main source of details on the CHCPF data breach is the company’s filing with the Attorney General of Maine. According to this source, the leak started like many other recent data breaches, with a day-zero vulnerability in the popular MOVEit file transfer tool. Progress Software, the developer of the tool announced the vulnerability on May 31st, 2023, and the ransomware group Clop claimed responsibility.

Since then, many of the companies and organizations that Clop claimed to have stolen data from have come forward to announce breaches impacting their data. While Clop has claimed that they did not keep information from government entities, these claims should not be taken at face value.

As the Colorado HCPF uses MOVEit, the organization began an internal CHCPF data breach investigation immediately. By June 13, 2023, it had confirmed that no internal systems were compromised but that the MOVEit leak had compromised millions of records. The types of information compromised vary from individual to individual but may include:

?      Name

?      Social Security number

?      Address

?      Health information

?      Demographic information

?      Date of birth

If you were impacted by the breach, you should have received one of the letters that CHCPF began sending on August 11, 2023. These detail the type of information compromised, which makes your letter a vital resource in protecting yourself from health or identity fraud.

Role and Responsibilities of the Colorado Department of Health Care Policy and Financing

The Colorado Department of Health Care Policy and Financing (HCPF) manages Health First Colorado, the state Medicaid program. It also manages other, smaller programs such as Child Health Plan Plus (CHP+). In all, the CHCPF is responsible for vast amounts of highly sensitive data affecting people across the whole population of Colorado.

This responsibility comes with the duty to protect people’s information and, when data breaches occur, to inform them of leaks in a timely manner. Many organizations discovered the scope of the MOVEit-related breach faster than the CHPCF data breach investigation. Every day counts when your identity is vulnerable, and some people may find it more difficult to protect their identity in time now.

If you feel frustrated, don’t know what to do, or want to know your rights, the law firm of Console & Associates, P.C. is here to help. Our experienced Colorado HCPF data breach lawyers are on standby to help victims navigate this difficult experience.

Call 866-778-5500 or send us an email to to schedule a free consultation with lawyers who’ll fight for your right to the compensation you deserve.

About the Author
Richard Console
Posted - 08/18/2023