The MOVEit data breach that has affected millions of people across a variety of industries has claimed another health system victim.
Louisville, Ky.-based UofLHealth confirmed to TechCrunch in a July 11 story that it was caught up in the breach but declined to specify how many patients were affected. Clop, a ransomware gang with ties to Russia, has claimed responsibility for the hack and listed the health system on its dark web leak site.
"Recently, the United States government confirmed that multiple federal agencies had been affected by cyberattacks which exploited a security vulnerability in a popular file transfer tool called MOVEit," a UofL Health spokesperson told the news outlet. "Unfortunately, a small number of UofL Health medical practices used this software to transfer files to third-party vendors.
"Upon learning of this event, UofL Health immediately took action and is now working with a forensic IT agency to determine the scope of the matter. The security of normal operations at UofL Health hospitals, medical centers, and physician offices has not been jeopardized."
Other health systems targeted in the MOVEit breach include Baltimore-based Johns Hopkins Medicine and Bellaire, Texas-based Harris Health System.