Clop ransomware hackers hit a million US healthcare customers

Image Credit: Shutterstock (Image credit: Shutterstock)

The Clop ransomware group has attacked a well-known B2B file transfer service, leading to up to a million US health patients having their sensitive data exposed.

News of the breach came after Community Health Systems (CHS) filed a document with government regulators confirming the breach.

According to the filing, Clop, which is allegedly tied to the Russian government, breached GoAnywhere MFT, a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files, securely.

Details are scarce

“As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” the document reads.

CHS did not say what type of data was taken, nor did it say how the attack came about. It did say that it started notifying all affected individuals, and started offering them free identity theft protection services.

The organization’s operations have not been affected, it said.

On the other end, Clop has taken responsibility for the attack, saying it abused a zero-day in GoAnywhere MFT to compromise more than a hundred organizations. Speaking to BleepingComputer, Clop said it compromised 130 organizations, but did not provide any proof for these claims.

> Clop ransomware had a rather handy flaw for Linux users to exploit

> Clop ransomware looks to target Windows 10 apps

> Remove viruses and ransomware with the best malware removal

Fortra had recently notified its customers of a new zero-day but did it via a vulnerability report only available to registered users.

The flaw, tracked as CVE-2023-0669, was later publicized by cybersecurity researcher Brian Krebs.

“A zero-day remote code injection exploit was identified in GoAnywhere MFT,” Fortra allegedly said. “The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS).”

To protect against these attacks, GoAywhere users should make sure to apply the latest patch and get their software up to at least version 7.1.2.

Check out free and paid options for the best firewall software to stay protected online

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.