The Deparment of Health and Human Services (HHS) is among several federal agencies that were impacted by a global cyberattack that exploited a software vulnerability.
In a statement to The Hill, the agency said, “while no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third party vendors.”
“HHS is taking all appropriate actions … and will provide Congress with additional information as the investigation continues,” an HHS official said.
HHS is the latest agency that was reportedly affected by the breach. It was also reported that the Department of Energy was also impacted and was asked to pay a ransom.
The Russian-speaking ransomware group known as CLoP is reportedly behind the government hack. The hackers exploited a vulnerability in a software application known as MOVEit, which is widely used by government agencies to transfer files.
U.S. officials said that they are investigating the impact and scope of the attack.
Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), told CNN that his agency is “providing support to several federal agencies that have experienced intrusions.”
