UMass Chan Medical School is the newest to warn patients of a breach resulting in stolen Social Security numbers, addresses, health information, and more.
What happened
According to Reuters, the MOVEit breach was first disclosed by Progress Software, a Massachusetts-based company, on May 31st. Since then, more than 600 organizations worldwide have had their data compromised. It's estimated that up to 40 million people have been affected, with varying degrees of personal and health information released.
MOVEit, a software utilized to send and receive large amounts of sensitive data, like social security numbers, medical records, and more, poses a significant risk to the healthcare sector, which uses the service because it is HIPAA compliant.
Read more: Critical vulnerabilities identified in MOVEit Transfer and MOVEit Cloud
What's new
Now, health officials in Massachusetts have issued a warning stating that at least 134,000 residents may have had their data stolen. The breach impacts patients of UMass Chan Medical School in Worcester and contains data including names, dates of birth, mailing address, financial information, health information, Social Security numbers, and more. Impacted data may vary across individuals.
Patients not part of UMass Chan Medical School, but who receive services from the Executive Office of Health and Human Services (EOHHS) may also be impacted.
The Medical School is alerting impacted individuals and offering free credit monitoring and identity theft protection in response.
Going deeper
Clop, a ransomware group believed to be based in Russia, has taken credit for the MOVEit attacks. According to one report, the nefarious organization has much to gain; they are expected to bring in between $75-$100 million from extorting their victims.
Organizations that have had their data compromised will be asked to pay a hefty ransom or risk having the data exposed online. While many organizations are now opting against paying ransoms, Clop is compensating by demanding higher amounts from victims who are most likely to pay.
Expert Marc Bleicher, chief technology officer of Surfefire Cyber, said to Reuters that the attack is still in a "very early stage." Bleicher believes the "real impact and fallout" will be seen further down the line.
The big picture
Clop's expected success shows the ransomware sector is alive and well. However, some attacks, particularly against smaller companies, are currently viewed as less fruitful.
Most important to Clop's success was the ability for the attack to quickly spread. Companies that used MOVEit to transfer sensitive data went on to infect third parties that they conducted business with. While many organizations were able to quickly patch the vulnerability, others were unable to act in time.
As the ramifications continue to unfold, cybersecurity experts are already contemplating the best ways to prevent future attacks and stop Clop from earning more revenue.
Related:
Image Licence
Abby Grifno
