- Last week, the HHS warned that Russia-linked ransomware group Clop took responsibility for attacking more than 130 organizations, including some in the health industry, using secure file transfer software, GoAnywhere MFT.
- Tennessee-based Community Health Systems was breached as part of the attacks, leading to health information on up to 1 million patients being compromised, per a Feb. 13 Securities and Exchange Commission filing.
- The HHS brief highlights the threat to healthcare data, with 24 hospitals and multi-hospital healthcare systems being attacked in 2022.
The threat by Clop, a ransomware group that has been active since February 2019, shows how vulnerable personal health information is to cyberattacks. More than 289 hospitals may have been impacted by ransomware attacks in 2022, according to the HHS.
The HHS sector alert notes that a customer portal was particularly vulnerable. Cybersecurity expert Brian Krebs first alerted the public of the Clop zero-day threat on Feb. 2. The software vendor Fortra released a patch for the GoAnywhere software on Feb. 7.
CHS revealed in its Feb. 13 SEC filing that the Fortra GoAnywhere breach may have affected about 1 million people. However, the company said patient care was unaffected.
The HHS sector alert follows a recent report by cyber risk intelligent firm Black Kite revealing that the healthcare industry was the most common victim of third-party breaches in 2022. In addition, the HHS had alerted the healthcare sector of a threat from pro-Russian hacktivist group called Killnet, which includes hospitals and medical organizations in several countries on its target list.
To address the threat of cybersecurity attacks, the HHS sector alert advises organizations to educate and train staff to lower the risk of attacks through email and network access. It also recommends conducting an assessment of risks and forming a plan that outlines the necessary budget, staff and tools.