Technology
Cybersecurity

US Health Department Ensnared by MOVEit Hacking Campaign

  • Data accessed via third-party vendors, HHS official says
  • Records from more than 15 million compromised, researcher says

The US Department of Health and Human Services building in Washington, DC.

Photographer: Alastair Pike/AFP/Getty Images

Contact us:
Provide news feedback or report an error
Confidential tip?
Send a tip to our reporters
Site feedback:
Take our SurveyNew Window
By and
Updated on
Lock
This article is for subscribers only.

The US Department of Health and Human Services was ensnared by a sweeping hacking campaign that exploited a flaw in file-transfer software called MOVEit, according to an official with the department.

The attackers gained access to data by exploiting MOVEit software used by third-party vendors, the official said, adding that no HHS systems or networks were compromised. Congress was notified of a “major incident” on June 27, according to the official, indicating it may involve exposure of data from 100,000 or more people.

HomeBTV+Market DataOpinionAudioOriginalsMagazineEvents
News
MarketsEconomicsTechnologyPoliticsGreenCryptoAI
Work & Life
WealthPursuitsBusinessweekCityLabSportsEqualityManagement & Work
Market Data
StocksCommoditiesRates & BondsCurrenciesFuturesSectorsEconomic Calendar
Explore
NewslettersExplainersPointed News QuizAlphadots GameThe Big TakeGraphicsSubmit a TipAbout Us
Terms of ServiceTrademarksPrivacy Policy
CareersAdvertise
Ad Choices
Help©2026 Bloomberg L.P. All Rights Reserved.