Clop gang stole data from major North Carolina hospitals

Pierluigi Paganini
September 17, 2023

Researchers at healthcare technology firm Nuance blame the Clop gang for a series of cyber thefts at major North Carolina hospitals.

The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang stole personal data from major North Carolina hospitals as part of the Progress MOVEit Transfer campaign.

MOVEit Transfer is a managed file transfer product that enterprises use to securely transfer files using SFTP, SCP, and HTTP-based uploads.

Microsoft attributed the campaign, which exploited a zero-day vulnerability in the MOVEit Transfer platform tracked as CVE-2023-34362, to the Clop ransomware gang (aka Lace Tempest).

In June, the Clop ransomware group claimed to have hacked hundreds of companies globally by exploiting the MOVEit Transfer vulnerability.

Microsoft’s Nuance health-care technology subsidiary is among the victims of the Clop group.

Nuance launched an investigation into the incident with the help of cyber security experts and a law firm.

The company said on Friday that the Clop group may have stolen personal data at numerous North Carolina hospitals and other health care providers, including:

According to the Nuance news release, the compromised data also included the services people received and their demographic information.

Nuance said it addressed the issue immediately after the software vendor, Progress, disclosed the flaw and released security updates to fix it on May 31.

“Patches were installed as soon as they were available,” Nuance said in a press release. “Data privacy and security are among Nuance’s highest priorities,” reads a statement published by the company. “The company has extensive measures in place to protect information entrusted to us.”

People are advised to review account statements and monitor their free credit reports for suspicious activity.

US hospitals are under pressure; several facilities recently suffered cyber attacks.

The Rhysida ransomware group recently made headlines when it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization.

In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings, which are located in multiple states, including California, Texas, Connecticut, Rhode Island, and Pennsylvania.

Some emergency rooms in multiple hospitals in several states were forced to close, and ambulances were diverted, due to a cyberattack against their networks.

A few days ago, the Rhysida ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. The systems at three hospitals and other medical facilities operated by Singing River Health System were hit by a cyber attack at the end of August.

The Singing River Health System runs 3 hospitals and 10 clinics and is the second largest employer on the Mississippi Gulf Coast.

In June, the Idaho Falls Community Hospital was hit by a cyber attack that impacted its operations. Officials at the hospital confirmed that some clinics closed due to the cyber attack and some ambulances were diverted to nearby hospitals.

Another hospital in the same region, the Mountain View Hospital, also suffered a cyber attack. Officials confirmed that malware infected some systems of the hospital’s IT infrastructure.