Posted on June 10, 2023 at 9:08 AM

MOVEit Software Breach Exposes Information Of 100,000 Nova Scotians

A hacker group is believed to have stolen personal information belonging to nearly 100,000 employees at Nova Scotia Health. The hackers obtained access to this information by exploiting a zero-day vulnerability within the MOVEit file transfer application. The breach of MOVEit has impacted many organizations across different industries.

MOVEit hack affected 100,000 Nova Scotians

The announcement of this breach at Nova Scotia Health is among the first exploits that are being reported in the healthcare sector. Ransomware hackers secured data by exploiting a vulnerability within the MOVEit software that has since been patched.

The US Department of Health and Human Services Health Sector Cybersecurity Coordination issued an alert saying that the MOVEit file transfer software had a wide footprint. As such, an exploit of the vulnerability can cause massive effects across the healthcare and public health sector.

Nova Scotia is a Maritime province located on the east coast of Canada. Its government relies on the MOVEit file transfer services to process employee payroll information. The information processed through this software is now at risk of being exploited by hackers because of the recent breach.

A spokesperson from the Nova Scotia government noted that they could confirm that the personal information belonging to 100,000 previous and present employees at Nova Scotia Health had been affected. The affected employees also include the ones at the IWK Health Center and the public service.

The spokesperson has also noted that the number of affected employees could change with time as an investigation into the matter was still ongoing. The government will also continue updating the public when more information on the breach has been obtained. However, the spokesperson noted that patient information seems to have not been affected during the incident.

An investigation into the incident has determined that the employee information that was compromised includes the social insurance numbers, addresses, and banking details, according to the Nova Scotia cybersecurity and digital solutions service.

The attack has been attributed to the Clop ransomware-as-a-service threat actor group. Earlier this week, the group claimed responsibility for the attack. An issue for this flaw was patched on May 31 by Progress Software.

The breach has claimed many victims

The report by Progress Software has also noted that hundreds of healthcare and public health sectors, including hospitals, clinics, and insurance groups that relied on the MOVEit file transfer software, were victims of this security incident.

This file transfer software is used in transferring files for healthcare billing, insurance eligibility inquiries, healthcare claims, audit logs, appointment reminders, patient surveys, and the retrieval of patient medical records. This exposes sensitive healthcare data to hackers. This data could potentially be exploited to cause havoc.

The federal government has further said that the sensitive information that could be exploited by these hackers includes medical records, bank records, social security numbers, and addresses. The organizations that have also been targeted by the breach also face extortion from the threat actor groups that appear to be financially motivated.

The Clop ransomware group is already extorting the affected organizations. The hackers posted a warning saying that they would start posting the names of the victims unless the victims reached out to the hacker group. This group also said that it had erased the data obtained from the government, police, and city services, saying that it did not have an interest in exposing the information.

The exploitation appears to have far-reaching effects. Some security experts have said that the exploitation of this flaw might have affected manufacturing, higher education, defense contractors, healthcare, energy, finance, and state government. Cybersecurity experts have been tracking the exploit to identify the affected individuals and organizations.

The situation that is being seen with the MOVEit file transfer software comes after a series of similar attacks were reported earlier this year. At the time, threat actors had released a statement detailing a flaw within a secure file transfer application known as Fortra’s GoAnywhere MFT.

The technologies that were targeted in these attacks suffered a mass exploit after a zero-day vulnerability within the MOVEit file transfer service was affected. The threat actor in question stole data belonging to several customers in the two cases.

The process of compromising file transfer platforms is an attractive target for hackers because these organizations usually rely on these applications to store and transfer sensitive information to customers and partners. As such, the level of exposure is significantly high if a threat actor group can successfully infiltrate such systems as seen in the recent case with MOVEit.