The Department of Health and Human Services (HHS) has become the latest US government agency affected by a significant cyberattack, potentially compromising the data of at least 100,000 individuals. The breach, connected to Russian cybercriminals, targeted HHS contractors and exploited a vulnerability in the third-party vendor software MOVEit Transfer.
Although HHS systems remained uncompromised, the incident highlights the widespread nature of the cyberattack, which has impacted multiple sectors across the US and UK. The hackers, known as CLOP, are stealing data rather than encrypting computers with ransomware, and their activities have resulted in the theft of personal information from millions of Americans, including data from motor vehicle departments and California’s public pension fund.
The vulnerability in MOVEit Transfer, software used by various organizations, including government agencies, has allowed Russian cybercriminals to compromise numerous companies and institutions.
While US software company Progress Software issued a security update for MOVEit, the hackers managed to gain unauthorized access before the patch was implemented.
HHS notified Congress about the breach and will provide ongoing updates during the investigation, in line with the requirement to report data breaches that compromise the personal information of more than 100,000 people.
Although CLOP’s impact on federal agencies has been limited, the incident underscores the growing threat posed by cybercriminals and the need for robust cybersecurity measures across all sectors.
As the investigation continues, high-profile victims of the cyberattack have come forward, including Siemens Energy and the University of California Los Angeles. The hackers have resorted to publishing stolen data on dark-web extortion sites, indicating that some ransom payment attempts have failed. While some victims have chosen to pay the hackers, the exact number and amount paid remain unknown.
The extent of the vulnerability exploited by CLOP has prompted numerous active forensic investigations into data theft and extortion attempts, affecting sectors such as finance, industry, law, healthcare, and technology in the US and UK.
As cybersecurity experts emphasize, even a handful of successful attacks can provide significant profit for hackers and fuel future cybercrime activities.