Health Service Ireland (HSE) has become the latest victim of a supply chain cyber attack launched against document transfer service MOVEit. The attack was launched by the ransomware gang Clop. Clop were able to infiltrate MOVEit by exploiting a zero-day vulnerability that allowed the malicious group to break into company networks and steal data.

Professional services partnership EY was also impacted by the cyber attack, leading to the breach. HSE was working with EY to automate its recruitment process using software provided by MOVEit.

On June 8, HSE was alerted to the fact that EY had been impacted by the cyber attack on MOVEit. Following this, HSE investigated the impact of the cyber attack on HSE and its data.

Following an investigation and analysis of the attack, HSE has determined that “no more than 20 individuals involved in the recruitment process” were affected by the data breach.

The data potentially accessed by the hackers includes the names, addresses, mobile numbers and position of those on the recruitment panel, as well as more general information about the job roles to be filled. No other personally identifying or financial information was accessed during the cyber attack.

HSE is working with the relevant authorities including the Irish Data Protection Commission (DPC) regarding the cyber attack and data breach. The organization is in the process of contacting those affected by the breach.

Other companies affected by the breach include those who use the payroll services provider, Zellis. The network infiltration of Zellis led to the breach of more than 100,000 employees’ data from companies including the British Broadcasting Company (BBC), health and beauty retailer Boots and flag carrier of Ireland Aer Lingus.

The ransomware gang later took to the dark web in an attempt to extort victims of the data breach. Clop issued an ultimatum to the data breach victims, saying that companies affected by the attack need to contact them by June 14, or their personal data would be leaked online.

Clop claimed that all those who worked for local or national government or the police services were exempt from this threat. The ransomware gang addressed them directly, saying they should “not worry”. They continued, saying “we erased your data you do not need to contact us. We have no interest to expose [sic] such information”, although the legitimacy of this statement has been called into question.