Clop Gang Stole Data From Major North Carolina Hospitals

The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang has stolen personal data on major North Carolina hospitals as part of the Progress MOVEit Transfer campaign. MOVEit Transfer is a managed file transfer used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the campaign that exploited a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform. In June, the Clop ransomware group claimed to have hacked hundreds of companies globally by exploiting the MOVEit Transfer vulnerability. Among the Clop group's victims is also Microsoft’s Nuance healthcare technology subsidiary. Nuance launched an investigation into the incident with the help of cybersecurity experts and a law firm. According to the Nuance news release. threat actors also had access to services people received and their demographic information.