Department of Health and Human Services is victim of the MOVEit vulnerability data breach

A comprehensive data breach affecting potentially over 100,000 individuals has been officially disclosed to the United States Congress by the U.S. Department of Health and Human Services (HHS).

The cause of the data breach is the exploited vulnerability in MOVEit Managed File transfer explouted by a ransomware group Cl0p.

While the HHS official did not disclose specific details regarding the compromised data, they clarified that none of the department's internal systems or networks were compromised. Instead, the hackers managed to gain access to data handled by undisclosed third-party vendors.

The Department of Health and Human Services labeled this breach as a "major incident" and promptly reported it to Congress on Tuesday, as the incident affected the personal information of 100,000 or more individuals, meeting the criteria for such classification.

The breach of the MOVEit file-transfer program was discovered last month, and cybersecurity experts estimate that it has affected hundreds of organizations worldwide.

The perpetrators of this hack, the Cl0p ransomware syndicate are extorting their victims and threaten to release their data publicly if their demands for payment are not met.