MOVEit Transfer vulnerability affects ABIM
ABIM was deeply disappointed to learn that we are among approximately 800 organizations potentially affected by the recent MOVEit Transfer vulnerability. We wanted to alert the diplomate community as soon as we could to the possibility that some of their personal data may have been exposed. We take many steps to protect the data of the physicians we certify and are dismayed that any physician may have had personal information exposed as a result of these bad actors.
We are currently working with Information Security experts to learn exactly what happened, including partnering with a leading cyber forensic company to undertake an extensive investigation. ABIM will contact anyone who has been directly affected by this incident, and do everything we can to support them.
What is the MOVEit Transfer vulnerability and why did this affect ABIM?
MOVEit Transfer is a Secure File Transfer Program (SFTP) service that organizations use to transfer files securely. According to media reports, hackers exploited a “zero-day vulnerability” to gain access to MOVEit Transfer’s systems and steal user data: more than 2,500 known SFTP servers were vulnerable to this attack. ABIM uses MOVEit Transfer to securely exchange information with other organizations that provide core business operations related to certification and maintenance of certification. The most common use ABIM made of this program was to support our “CME for MOC” collaboration with one of our third-party vendors.
How does ABIM protect diplomate information?
Shortly after being made aware of the MOVEit Transfer vulnerability, our security team shut off the file transfer process and began an investigation. All of ABIM’s data systems are monitored 24/7 for potential cyberattacks, with multiple layers of security in place to protect your information. This particular attack was limited to the file transfer service and no other systems were impacted.
What should ABIM diplomates do?
Nothing at this time. ABIM will contact anyone we identify as being affected by this incident in the coming weeks, and will provide information and resources to assist those individuals at no charge. If you do not hear from us, you can assume nothing significant about you was released.
The MOVEit Transfer vulnerability was unrelated to your ABIM Physician Portal sign-in credentials, so there is no need to change your password, though updating it regularly is a good idea and standard security practice. Bad actors are relentless in their efforts to access information anywhere and everywhere it may be electronically stored.
