Advisory On Ransomware Group CLOP Issued By HHS In The US


In the week ending February 25, the HHS warned that Clop, a Russian-linked ransomware group, had attacked over 130 organizations, including some in the healthcare sector, using GoAnywhere MFT, a secure file transfer software. Community Health Systems (CHS) in Tennessee was breached as part of these attacks, with the health information of almost 1 million patients compromised, according to a Securities and Exchange Commission filing dated February 13. According to the HHS brief, healthcare data is under threat, with almost 24 hospitals as well as multi-healthcare systems attacked in 2022.

The threat posed by Clop, a ransomware group that has been active since February 2019, shows how susceptible personal health information has become to cyberattacks. Notably, more than 289 hospitals may have been impacted by ransomware attacks in 2022 alone.

The HHS sector alert notes that one of the customer portals was specifically vulnerable. Brian Krebs, a cybersecurity expert, was the first to alert the public about the Clop zero-day threat, on February 2. The software vendor, Fortra, released a patch for GoAnywhere five days later, on February 7.

CHS stated in its February 13 filing that the Fortra GoAnywhere breach could have affected around a million people. However, according to the company, patient care remained unaffected.

The HHS sector alert came after a recent report by cyber risk intelligence firm Black Kite, which found that the healthcare sector was the easiest victim of third-party cyber breaches last year. In addition, the HHS had already alerted the healthcare industry to a threat from Killnet, a Russian hacktivist group whose target list includes numerous hospitals and medical organizations.

To counter such attacks, the HHS sector alert advises organizations to train and educate their staff to lessen the risk of attacks that occur through email and network access. The alert also recommends conducting a risk assessment and formulating a plan that outlines the required staff, tools, and budget.