Russian-based ransomware group Clop has claimed to have mass-hacked 130 organizations, including Franklin, Tenn.-based Community Health Systems, TechCrunch reported Feb. 15.
The group has taken responsibility for the data breach on cybersecurity firm Fortra.
Fortra is a cybersecurity firm that provides file transfer software called GoAnywhere to Community Health Systems.
The ransomware gang claims to have exploited GoAnywhere's security vulnerability and said it has stolen data from more than 130 organizations, but the group did not provide evidence for its claim, nor did Clop's dark web leak site make mention of Fortra or GoAnywhere.
Community Health Systems filed a report with the U.S. Security and Exchange Commission on Feb. 13 stating that the security breach at Fortra resulted in the personal information of its patients to be compromised.
The health system is one of the first to report a data breach, but Clop suggests that there could be dozens of affected organizations.
On Feb. 7, Fortra released an emergency patch for the GoAnywhere software and urged customers to apply the new update as soon as possible.
CISA also added the GoAnywhere flaw to its catalog of known exploited vulnerabilities and has ordered organizations that use the system to patch it before March 3.