Clop ransomware hackers hit a million US healthcare customers

The group used a flaw in a file-sharing service

The Clop ransomware group has attacked a well-known B2B file transfer service, leading to up to a million US health patients having their sensitive data exposed.

News of the breach came after Community Health Systems (CHS) filed a document with government regulators confirming the breach.

According to the filing, Clop, which is allegedly tied to the Russian government, breached GoAnywhere MFT, a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files securely.

Details are scarce

“As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” the document reads.

CHS did not say what type of data was taken, nor did it say how the attack came about. It did say that it started notifying all affected individuals, and started offering them free identity theft protection services.

The organization’s operations have not been affected, it said.

On the other end, Clop has taken responsibility for the attack, saying it abused a zero-day in GoAnywhere MFT to compromise more than a hundred organizations. Speaking to BleepingComputer, Clop said it compromised 130 organizations, but did not provide any proof for these claims.

Fortra had recently notified its customers of a new zero-day but did it via a vulnerability report only available to registered users.

The flaw, tracked as CVE-2023-0669, was later publicized by cybersecurity researcher Brian Krebs.

“A zero-day remote code injection exploit was identified in GoAnywhere MFT,” Fortra allegedly said. “The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS).”

To protect against these attacks, GoAnywhere users should make sure to apply the latest patch and get their software up to at least version 7.1.2.

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
