The MOVEit data breach, a hack that has touched millions of Americans across a variety of industries, has already claimed three health system victims. And more could be on the way.
That's because victims of the breach continue to be identified, as several organizations found out they were affected after learning their third-party vendors use the file-transfer application from Progress Software, The Wall Street Journal reported July 19. Clop, a ransomware gang with ties to Russia, has claimed responsibility for the back.
"It's massively complex, the downstream impact is difficult to predict, and organizations are not necessarily going to be sure at this point whether they do have any exposure," Brett Callow, threat analyst at cybersecurity firm Emsisoft, told the newspaper.
The health systems already identified as victims of the breach have included Louisville, Ky.-based UofLHealth in July and Bellaire, Texas-based Harris Health System and Baltimore-based Johns Hopkins Medicine in June. UofLHealth and Johns Hopkins Medicine (which faces a lawsuit over the incident) were discovered to be affected almost a month apart. "New details are emerging daily from MOVEit and other third-party vendors," a spokesperson for Fort Collins-based Colorado State University, another recent victim, told the Journal.
One thing is for sure, Mr. Callow added to the news outlet: "This incident is going to be massively costly."