Data on more than 100,000 employees in Nova Scotia’s healthcare sector has been compromised due to a vulnerability in Progress Software’s MOVEit file transfer application. The stolen data includes sensitive information such as Social Insurance numbers, addresses, and banking details of employees in various healthcare organizations. The Clop/Cl0p ransomware gang has claimed responsibility for the MOVEit Transfer data theft attacks. Exploiting a SQL injection zero-day vulnerability (CVE-2023-34362), the attackers deployed web shells and stole data within minutes of exploitation.
The affected healthcare sector in Nova Scotia includes Nova Scotia Health, the public service, and the IWK Health Centre. The province uses MOVEit for transferring payroll information, and victims are being notified about the breach. The Clop/Cl0p ransomware gang, also known as Lace Tempest, has targeted other major organizations such as the BBC, British Airways, Boots, and Aer Lingus. The vulnerability in MOVEit Transfer was announced by Progress Software on May 31, with exploitation evidence detected as early as May 27, leading to the rapid deployment of web shells and subsequent data theft.
Security researchers warn that IT departments, especially those who haven’t applied the patch or are using unaffected versions of MOVEit, should assume potential compromise. An SQL injection vulnerability poses significant risks, allowing attackers to exploit unpatched systems. The stolen data, including personal and financial details, could be exploited for social engineering attacks or held for ransom. The incident highlights the critical importance of promptly addressing vulnerabilities and applying patches to mitigate the risk of data breaches and ransomware attacks.
