The Russia-linked ransomware group Clop claims it used a vulnerability in the secure file transfer software GoAnywhere MFT to attack over 130 organizations this month in health care and other sectors, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) alerted the sector yesterday. The report provides an update on the unsubstantiated claim, the group’s latest potential tactics and recommendations to detect and protect against Clop and other ransomware.

“The Russia-linked Clop ‘ransomware-as-a-service’ gang has been targeting health care since 2019, evolving its tactics to effectively combine ransomware and data theft in novel ways,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Last month HC3 reported that Clop was infecting files disguised to look like medical documents, submitting them to providers and requesting a medical appointment. The objective is to deceive the recipient into clicking on the malicious document and infecting the organization with highly disruptive ransomware. Health care organizations should immediately apply the security patches recommended in these alerts and review the scope, security and necessity of secure file transfer systems.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.
 

Related News Articles

Headline
Cyber actors linked to the People’s Republic of China are targeting router firmware in government and multinational organizations, which should review all…
Headline
The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and…
Headline
The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through…
Headline
The Department of Health and Human Services Sept. 18 alerted the health care sector to a critical vulnerability in ManageEngine products that allows an…
Headline
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a ransomware group that…
Headline
The U.S. Treasury Department, in coordination with the United Kingdom, Sept. 7 sanctioned 11 individuals who are part of the Russia-based Trickbot cybercrime…