A series of cyber thefts has struck major hospitals in North Carolina, with healthcare technology firm Nuance attributing the attacks to the Cl0p extortion gang. Nuance, owned by Microsoft, reported that personal data from prominent North Carolina hospitals was compromised during the Progress MOVEit Transfer campaign.
Furthermore, this campaign exploited a zero-day vulnerability in the MOVEit Transfer platform (CVE-2023-34362). Victims included Atrium Health, Duke University Health System, and Novant Health. Access to patients’ service records and demographic data was also obtained, prompting concerns about privacy and security.
Additionally, Nuance swiftly initiated an investigation with the assistance of cybersecurity experts and a law firm. The Clop group’s campaign had significant reach, targeting numerous North Carolina healthcare providers.
At the same time, Nuance acted promptly upon learning of the issue after Progress, the software vendor, disclosed the vulnerability and released security updates on May 31. Nuance emphasized its commitment to data privacy and security, stating that extensive measures are in place to protect entrusted information.
This incident adds to the growing cybersecurity concerns within the U.S. healthcare sector, as several facilities have recently fallen victim to cyberattacks. These attacks, including ransomware incidents, have disrupted hospital operations and compromised sensitive patient data, highlighting the urgent need for enhanced cybersecurity measures in healthcare institutions nationwide.