We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Ransomware Group Steals 1 Million Patient Records

Ransomware Group Steals 1 Million Patient Records
Author Image Keira Waddell
Keira Waddell Published on 17th February 2023 Senior Writer

Clop, a ransomware group with ties to Russia, has asserted it was behind recent attacks that exploited a zero-day flaw in the GoAnywhere MFT secure file transfer tool. One of the biggest victims was Community Health Systems (CHS), one of the largest healthcare providers in the US. They confirmed that criminal hackers stole the private medical records of approximately 1 million patients this week.

Clop told Bleeping Computers that they are responsible for exploiting the new zero-day vulnerability. They claim to have already stolen data from more than 130 organizations that use GoAnywhere. However, they failed to provide any evidence to support these claims.

CHS said that Fortra (the developers of the GoAnywhere software) recently informed them about a security incident that led to CHS patient data being disclosed without authorization. In its filing with government regulators, CHS confirmed that the data breach happened because it used the popular file-transfer software. The GoAnywhere software is used by many large businesses to share and send large sets of data securely.

Brian Krebs, a security journalist, was the first to report the zero-day flaw in Fortra's GoAnywhere software on February 2. The flaw is known as CVE-2023-0669. Krebs posted Fortra's full security advisory regarding the vulnerability on Mastodon.

The security firm Huntress also revealed last week that an exploit of the GoAnywhere vulnerability was the cause of a breach experienced by one of its clients. Huntress claimed the breach was caused by a Russian-speaking threat group called Silence. The group is connected to another group called "TA505", which is a criminal hacking group known for targeted campaigns using Clop ransomware.

Cybersecurity firm Rapid7 conducted an examination of the vulnerability. Their analysis described the bug's exploitability and value to the attacker as "very high" due to the sensitive data that businesses share through GoAnywhere.

CHS was the first to come forward as a victim, but if Clop’s claim is to be believed, there could be many more affected organizations out there. Fortra has released security patches and has urged all GoAnywhere users to update the software immediately to prevent further attacks.

This attack seems to be part of a rising trend of cybercriminal groups attacking American healthcare organizations. In December last year, the data of 3 million patients was stolen from California's Heritage Provider Network (HPN).

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.