US Health Department Ensnared by MOVEit Hacking Campaign (1)

The US Department of Health and Human Services was ensnared by a sweeping hacking campaign that exploited a flaw in file-transfer software called MOVEit, according to an official with the department.

The attackers gained access to data by exploiting MOVEit software used by third-party vendors, the official said, adding that no HHS systems or networks were compromised. Congress was notified of a “major incident” on June 27, according to the official, indicating it may involve exposure of data from 100,000 or more people.

However, HHS has no evidence to suggest internal email communications have been compromised, the official said.

HHS ...