A source in the U.S. Department of Health and Human Services reported on Wednesday that "the department is among the entities affected by an extensive hacking campaign focused on a program called (Move It) for file transfers."
An official from the department, familiar with the matter, stated: "Although the department's systems and networks were not breached, the attackers were able to access data by exploiting a vulnerability in the (Move It) program at third parties."
The hackers were able to steal data from two major law firms, namely (Kirkland and Ellis) and (K&L Gates). The hacking group is called "Clop," and it demands ransom from its victims. They published the names of the law firms on their leak site, which is typically an indication that negotiations between the victims and hackers have ceased.
The department's name did not appear on the list of alleged victims released by the Clop group, which previously stated that it does not deliberately steal data from government entities. However, this does not mean that the data was not breached.
