HealthInfoSecurity.com reported on an alert in which “…the U.S. Department of Health and Human Services’ [HHS] Health Sector Cybersecurity Coordination Center warned that Clop claims to have hit more than 130 organizations, including healthcare industry entities, with attacks involving the GoAnywhere MFT flaw.” The February 24, 2023 article entitled “Authorities Warn Healthcare Sector of Ongoing Clop Threats” (https://tinyurl.com/yd2y42hj) included these comments:
Hackers can exploit the flaw, which is present in the software’s administrator console, without having to authenticate or otherwise log into the console. Fortra first issued a security alert on Feb. 1 and released an update that includes a patch (see: Clop Ransomware Claims Widespread GoAnywhere MFT Exploits).
Clop has been active since February 2019. Unlike other ransomware-as-a-service groups, “Clop unabashedly and almost exclusively targets the healthcare sector,” HHS writes. Law enforcement dealt the group a blow when Ukrainian authorities arrested six suspected members. “Continued and successful attacks, however, demonstrate that this prolific group is still a viable threat to the healthcare sector,” HHS writes.
Also, the “American Hospital Association issued an alert for its members on Thursday based on HHS HC3’s warning”:
“Healthcare organizations should immediately apply the security patches recommended..”
Is anyone surprised by this alert?
First published at https://www.vogelitlaw.com/blog/ransomware-as-a-service-continues-to-target-healthcare