At least 100,000 people could have had their data compromised by a hack of contractors at the Department of Health and Human Services, a department official said Thursday, making it the latest US government agency to be caught up in a sweeping cyberattack connected to Russian cybercriminals.
HHS notified Congress of the breach on Tuesday and will update lawmakers as the investigation continues, the official said. Agencies are required to notify Congress of a data breach that involves the compromise of personal information of 100,000 or more people.
โWhile no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors,โ the official told CNN.
MOVEit is the popular file-transfer software that suspected Russian cybercriminals have exploited in recent weeks to compromise scores of companies, schools and government agencies in the US and abroad. US firm Progress Software, which makes MOVEit, issued a security update for the software but the hackers had a few daysโ head start in getting into systems.
CNN first reported that several US agencies were affected by the MOVEit vulnerability, a list that includes the Department of Energy, Office of Personnel Management and US Department of Agriculture.
Bloomberg News first reported that HHS was affected.
Federal officials have blamed the hacking campaign exploiting the software on a Russian-speaking group known as CLOP. The hackers are generally stealing data from victims rather than encrypting their computers with ransomware and using the stolen data to make extortion demands.
CLOPโs impact on federal agencies has been limited, officials say, but elsewhere millions of Americans have had their personal data accessed. Motor vehicle departments in Louisiana and Oregon, and Californiaโs…
Read the full article here
Leave a Reply