Update MOVEit Patches and Check your Vendors
MOVEit is a managed file transfer application that is used by some state agencies and vendors. Due to several recently publicized vulnerabilities customers have been urged to suspend use until they implement emergency patches. Failure to patch the MOVEit system may result in data compromise through ransomware.
- Immediately confirm with your IT staff if the MOVEit application is being used by your agency. Take appropriate steps to implement the recommended patches. Review this guidance that was issued by the Cybersecurity and Infrastructure Security Agency for more information.
- If your agency uses MOVEit, conduct appropriate reviews to ensure that data has not been compromised.
- Confirm with any vendors that manage or host your agency data whether they use MOVEit. If they do, require the vendor to certify that the vendor has made appropriate patches and ensure that no data has been compromised.
- If data may have been compromised, begin the incident response process for your agency.
See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.