July 23, 2024

New data breach affects 1.7 million Oregonians

Hackers have stolen personal information from members of the Oregon Health Plan, the state's Medicare provider. Image by Markus Spiske from Pixabay
August 3, 2023

Those affected are current or past members of the Oregon Health Plan, the state’s Medicaid system

By Lynne Terry, Oregon Capital Chronicle

Hackers have gained access to the personal information of 1.7 million current and former Medicaid members in Oregon.

The breach dates to May 30. Hackers exploited a vulnerability in a file transfer program, MOVEit, to obtain the personal and medical information of members of the Oregon Health Plan, the state’s Medicaid system. The breach happened through the state’s coordinated care organizations, the Medicaid insurers that contract with PH TECH, which announced the breach Wednesday. 

The Oregon Health Authority, which oversees coordinated care organizations, also issued an alert about the breach.

The breach of MOVEit is the same that affected Oregon’s Department of Motor Vehicles, which announced mid-June that the personal information of 3.5 million Oregonians with drivers licenses and identification cards were affected. The DMV waited about two weeks to alert the public.

PT TECH knew that hackers had obtained personal information of those who used its services in mid-June. But it wasn’t until this past Monday that the company sent letters to those affected — about six weeks later. Those affected will be offered one year of free credit monitoring, and the mailed notices will be translated into the appropriate language. 

Company officials are not going to call or email those affected, even though many live in unstable situations, moving a lot and even living on the streets.

It said in the release that it alerted its clients — coordinated care organizations — about the breach the same day it was informed. But the insurers did not alert its clients — those who were affected. 

In a statement to the Capital Chronicle, PH TECH said it takes data breaches seriously.

“Security breaches are complex and it can take time to fully understand the impact and notify those affected. In this case, several concurrent investigations were underway to assess what happened and what needed to be done to address the security vulnerability, as well as prevent it from happening again,” it said in a statement to the Capital Chronicle. “Because this security incident compromised both personal and protected health information it required additional steps and precautions. From the time we became aware of the issue, PH TECH worked immediately and collaboratively with cyber security experts, as well as all impacted client partners, to respond with certainty and accuracy. Notifications to all those affected occurred well within the required timelines.”

Becca Thomsen, a spokeswoman for CareOregon, one of the largest Medicaid insurers in Oregon, said in an email that the organizations waited because the breach affected a contractor and they wanted to have a coordinated public information strategy.

“To aid in public understanding, impacted organizations contributed to a single press release and member notification strategy,” Thomsen said. “Notifications distributed this week meet reporting standards of 45-days post-notification. 

More information
Watch for additional information from PH TECH in the mail and follow instructions to activate 12 months of free identity theft protection. OHP members will be contacted by regular first-class mail, not by phone or email.
Contact PH TECH for assistance at 888-498-1602 or go to for more information.

Files downloaded by the hackers included people’s names, birth dates, Social Security numbers, addresses and email addresses — the same data obtained through the DMV breach. But this time hackers reaped a wealth of private medical information protected by federal privacy laws. Data obtained includes enrollment, authorization and claim information. Hackers also obtained diagnosis codes that doctors and insurers use to refer to specific diseases or conditions, procedure codes and authorization information.

The Oregon Health Authority said PH TECH conducted an “extensive forensic analysis through July 25. This analysis identified the individuals who were affected so OHP members could be notified.”

A recent email from a spokeswoman for the DMV said that agency still had no idea who had been affected. The agency opted to issue a general alert to everyone, regardless of whether they were affected.

Besides the free credit monitoring, everyone is entitled by law to a free report from each of the three credit agencies, Equifax, Experian and TransUnion. To request a free report, go to or call 877-322-8228. 

The health authority urged everyone to monitor their credit.

“It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already. However, there are important steps that OHP members can take to further protect their data,” Dave Baden, interim health director, said in a statement.

Here’s how to contact the credit monitoring companies:

Residents should check for transactions or accounts they don’t recognize, and if they see strange transactions, call the appropriate banks or credit card company to report them. The Federal Trade Commission also has information on identity theft at

Security officials advise people to freeze their credit if they’re worried about identity theft. That can be done through each of the three credit monitoring companies. Credit can be frozen and lifted as necessary.

Lynne Terry has more than 30 years of journalism experience, including a recent stint as editor of The Lund Report, a highly regarded health news site. She reported on health and food safety in her 18 years at The Oregonian, was a senior producer at Oregon Public Broadcasting and Paris correspondent for National Public Radio for nine years.

Picture of Bert Etling

Bert Etling

Bert Etling is the executive editor of Email him at

Related Posts...

Obituary: Steven Maryanoff

Obituary: Steven Roy Maryanoff, beloved brother to Bruce Eliot Maryanoff and friend to many people around Ashland, passed away peacefully on June 18 at the age of 75 in his private home in Ashland. He was active in the Buddhist community in and around Ashland.

Read More »

Latest posts

Obituary: Steven Maryanoff

Obituary: Steven Roy Maryanoff, beloved brother to Bruce Eliot Maryanoff and friend to many people around Ashland, passed away peacefully on June 18 at the age of 75 in his private home in Ashland. He was active in the Buddhist community in and around Ashland.

Read More >

Explore More...

Shakespeare’s "Coriolanus" hits the stage Tuesday at the Oregon Shakespeare Festival. Directed by Rosa Joshi, the play tells the story of a powerful yet starving population and a war hero turned politician.
Childcare providers have until Friday, July 26, to submit applications for Early Childhood Affordability Grant Program grants, according to an announcement by the city on Monday, July 22. The application period opened July 12, the release said.
A master plan tailor-made to guide the city of Ashland’s approach to homelessness was unanimously approved Thursday evening by the final committee standing between the plan and a review from Ashland City Council. A review of the master plan is scheduled for the Aug. 5 council study session. 
John Marciano: Violence at home and abroad is not antithetical to America, it has been its very nature since the founding.
Volunteers gathered Sunday morning in Railroad Park to make repairs to the Say Their Names memorial T-shirts along the fence by the park. it was the third or fourth Sunday in a row volunteers came to the park to slowly recreate the memorial for its fifth iteration. logo

Subscribe to the newsletter and get local news sent directly to your inbox.

(It’s free)

Don't Miss Our Top Stories

Get our newsletter delivered to your inbox three times a week.
It’s FREE and you can cancel anytime.