Two ransomware groups known for targeting the healthcare sector, Clop and LockBit, have been using vulnerabilities to conduct new attacks, the Health Sector Cybersecurity and Coordination Center warned in an April 28 threat brief.
Five things to know:
- Clop ransomware group has been exploiting the GoAnywhere MFT vulnerability and has attacked and stolen data from around 130 organizations.
- Clop and LockBit have also been exploiting CVE-2023-27350 and CVE-2023-27351 vulnerabilities. These vulnerabilities are used by print management software PaperCut.
- Franklin, Tenn.-based Community Health Systems was affected by an incident involving GoAnywhere from third-party vendor Fortra. About 1 million of its patients' information has been breached due to the attack on the vulnerability.
- An increase in ransomware attacks in March was attributed to the exploitation of the GoAnywhere vulnerability.
- HHS is recommending all organizations to patch the vulnerabilities with affected servers.