« Safety and Security
  

Community Health Systems Experiences Security Incident

The incident was through Fortra, a cybersecurity that Community Health Systems contracts with.

By HFT Staff


This notice provides information regarding a security incident experienced by Fortra, LLC (Fortra), which Fortra reported occurred between January 28, 2023 and January 30, 2023 that resulted in the unauthorized disclosure of personal information. Fortra is a cybersecurity firm that contracts with CHSPSC, LLC (CHSPSC) to provide a secure file transfer software called GoAnywhere. CHSPSC is a professional services company that provides services to hospitals and clinics affiliated with Community Health Systems, Inc. 

Fortra informed CHSPSC it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform. 

CHSPSC received this information from Fortra on February 2, 2023, and immediately began its own investigation of potential impact of the Fortra incident on CHSPSC Affiliate personal information. CHSPSC has determined at this point in its investigation that CHSPSC Affiliate personal information relating to patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident. The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and social security number. 

Both CHSPSC and Fortra have been in contact with law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), and are supporting law enforcement’s investigation. 

To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform. 



March 31, 2023


Topic Area: Safety

Recent Posts

EV Charging Stations: Planning for Safety, Convenience, Expansion

Managers need to ensure patient access, coordinate with clinical operations and ensure every phase of construction supports the facility's mission.

Why Ambulatory Surgery Centers Are Turning to Dedicated HVAC Systems

Design experts from Neenan Archistruction explain how single-unit HVAC systems for each operating room enhance infection control, comfort, and resiliency.

Ground Broken on UW Health University Row Medical Center

Construction is expected to be completed by the end of 2027.

Better, More Thorough Cleaning Saves Lives

Cleanliness is the first line of defense to protect patients from killer pathogens, but many hospitals refuse to make it a priority.

Encompass Health Opens the Rehabilitation Hospital of Amarillo

The 50-bed inpatient rehabilitation hospital is now accepting patients.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.