The US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued an alert to healthcare providers, urging them to increase their cybersecurity measures to protect against potential attacks by the Clop ransomware group.
This follows the group’s recent alleged mass attacks on more than 130 organizations, including healthcare industry entities, exploiting a vulnerability in vendor Fortra’s secure file transfer software GoAnyWhere MFT. The flaw allows hackers to exploit the software’s administrator console without authentication. Fortra issued a security alert on Feb. 1, and an update that includes a patch.
Clop has been active since February 2019 and is known for exclusively targeting the healthcare sector. The group was dealt a blow when Ukrainian authorities arrested six suspected members, but HHS states that continued and successful attacks demonstrate that the group is still a viable threat to healthcare organizations.
The American Hospital Association (AHA) has issued an alert to its members, based on the HC3’s warning, advising healthcare organizations to apply the recommended security patches and review their file transfer systems.
At least one healthcare sector entity, Community Health Systems, has publicly revealed that it was a recent victim of a cybersecurity incident involving the GoAnyWhere secure file transfer software. The multistate chain did not describe in its filing whether the incident involved a ransomware attack by Clop, but it did affect the data of about 1 million patients.
HC3’s latest Clop alert follows earlier warnings about the group, including one in January about its ongoing threats to healthcare sector entities and one in March 2021 warning healthcare entities that Clop was exploiting zero-day vulnerabilities affecting the Accellion File Transfer Appliance product.
Healthcare providers are particularly vulnerable to cyberattacks because of their high propensity to pay a ransom, the value of patient records, and often inadequate security.
According to a report issued last month by security firm Emsisoft, at least 25 US healthcare organizations operating 290 hospitals were potentially affected by ransomware attacks in 2022.
