« Safety and Security
  

Community Health Systems Experiences Security Incident

The incident was through Fortra, a cybersecurity that Community Health Systems contracts with.

By HFT Staff


This notice provides information regarding a security incident experienced by Fortra, LLC (Fortra), which Fortra reported occurred between January 28, 2023 and January 30, 2023 that resulted in the unauthorized disclosure of personal information. Fortra is a cybersecurity firm that contracts with CHSPSC, LLC (CHSPSC) to provide a secure file transfer software called GoAnywhere. CHSPSC is a professional services company that provides services to hospitals and clinics affiliated with Community Health Systems, Inc. 

Fortra informed CHSPSC it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform. 

CHSPSC received this information from Fortra on February 2, 2023, and immediately began its own investigation of potential impact of the Fortra incident on CHSPSC Affiliate personal information. CHSPSC has determined at this point in its investigation that CHSPSC Affiliate personal information relating to patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident. The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and social security number. 

Both CHSPSC and Fortra have been in contact with law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), and are supporting law enforcement’s investigation. 

To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform. 



March 31, 2023


Topic Area: Safety

Recent Posts

Hand, Foot and Mouth Disease on the Rise

A number of states are reporting an uptick in HFMD, a highly contagious viral illness that primarily affects infants and young children.

Preparing for the Hazards of Winter Weather

Winter is here and healthcare facilities must be ready for inclement weather to prevent slips and falls.

BayCare Reveals Pagidipati Children's Hospital at St. Joseph's

It is a freestanding facility scheduled to open in 2030.

Why Identity Governance Is Becoming a Facilities Management Issue

As healthcare buildings grow more connected, weak identity controls can expose HVAC, security and other critical systems to serious risk.

Habitat Health Opens South Los Angeles PACE Center

The new center strengthens the local care infrastructure, delivering integrated medical, social and in-home care.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.