HHS: Healthcare targeted by Clop, LockBit with Fortra GoAnywhere, PaperCut flaws

U.S. healthcare providers have been warned by the Department of Health and Human Services Cybersecurity Coordination Center regarding new Clop and LockBit ransomware attacks leveraging a Fortra GoAnywhere Managed File Transfer system flaw, tracked as CVE-2023-0669, and two other vulnerabilities in the PaperCut MF/NG printing management software, tracked as CVE-2023-27350 and CVE-2023-27350, HealthITSecurity reports. Exploitation of the Fortra GoAnywhere vulnerability has been noted to account for a 91% increase in ransomware attacks in March compared with February, with Clop, which has almost always targeted the healthcare sector, admitting to having compromised 129 organizations, according to the HC3 alert. Meanwhile, both PaperCut flaws could be leveraged to enable bypass authentication across over 100 million users around the world. Immediate patching has been urged for all of the actively exploited vulnerabilities, with master encryption key modifications and credential resets advised for the Fortra GoAnywhere bug and traffic blocking recommended to mitigate the PaperCut flaws. "The probability of cyber threat actors, including Cl0p, targeting the healthcare industry remains high. Prioritizing security by maintaining awareness of the threat landscape, assessing their situation, and providing staff with tools and resources necessary to prevent a cyberattack remains the best way forward for healthcare organizations," said the HC3.