Department of Health and Human Services Suffers Data Breach From MOVEit Vulnerability

Congress has received word of a data breach impacting the Department of Health and Human Services that potentially compromised the information of over 100,000 individuals.

The attack involved the exploitation of a weakness in Progress Software’s MOVEit, a file transfer solution used by various government agencies and commercial firms. According to the HHS official that alerted Congress, hackers gained access to data managed by third-party vendors.

The MOVEit vulnerability was discovered in late May and later patched. However, cybersecurity experts estimate that hundreds of companies worldwide could potentially have had data extracted.

Attacks perpetrated by Russian ransomware gang Cl0p have hit the Department of Energy and organizations such as the BBC, Johns Hopkins University and Ernst and Young, ABC News reported.

Eric Goldstein, the Cybersecurity and Infrastructure Security Agency’s executive assistant director for cybersecurity, said support is being provided to affected federal agencies.

In early June, CISA and the FBI issued an advisory on Cl0p’s tactics. They explained that the ransomware gang steals data by infecting MOVEit’s web applications with malware.