The U.S. Department of Health and Human Services had data from at least 100,000 individuals compromised as a result of the widespread Cl0p ransomware attack involving the exploitation of a vulnerability in the MOVEit Transfer file transfer app, reports The Associated Press.
Attackers were able to access the HHS data through its third-party vendors but there has not been any compromise of the department's systems or networks, said an HHS official to Congress. No details were provided regarding the data that may have been impacted by the incident. Hundreds of organizations around the world are estimated to have been affected by the MOVEit hack. Aside from compromising U.S. Department of Energy, Ernst & Young, British Airways, and Johns Hopkins University, the MOVEit hack was also confirmed to have resulted in the theft of data belonging to over 9 million Louisiana and Oregon motorists, more than 769,000 individuals in the California Public Employees' Retirement System, and over 171,000 people part of the Tennessee Consolidated Retirement System.