HHS Is the Latest US Government Agency Hit by Clop in MOVEit Attack

UK and France say lawyers are targets, SolarWinds Wells Notice recipients confirmed, US detains noted Russian cyber pro, Philippine cops raid fraud factories, Spy balloon packed with US spy kit, more

According to an official, the US Department of Health and Human Services was ensnared by the sweeping hacking campaign by the Clop gang that exploited a flaw in file-transfer software called MOVEit.

The official said that the attackers gained access to data by exploiting MOVEit software used by third-party vendors, adding that no HHS systems or networks were compromised. According to the official, Congress was notified of a “major incident” on June 27, indicating it may involve the exposure of data from 100,000 or more people. 

However, the official said that HHS has no evidence to suggest that internal email communications have been compromised.

The revelation that HHS was affected in the campaign follows news that Clop has hit at least two other government agencies in MOVEit attacks, including the Department of Energy and the Department of Agr…