« Safety and Security
  

Community Health Systems Experiences Security Incident

The incident was through Fortra, a cybersecurity that Community Health Systems contracts with.

By HFT Staff


This notice provides information regarding a security incident experienced by Fortra, LLC (Fortra), which Fortra reported occurred between January 28, 2023 and January 30, 2023 that resulted in the unauthorized disclosure of personal information. Fortra is a cybersecurity firm that contracts with CHSPSC, LLC (CHSPSC) to provide a secure file transfer software called GoAnywhere. CHSPSC is a professional services company that provides services to hospitals and clinics affiliated with Community Health Systems, Inc. 

Fortra informed CHSPSC it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform. 

CHSPSC received this information from Fortra on February 2, 2023, and immediately began its own investigation of potential impact of the Fortra incident on CHSPSC Affiliate personal information. CHSPSC has determined at this point in its investigation that CHSPSC Affiliate personal information relating to patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident. The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and social security number. 

Both CHSPSC and Fortra have been in contact with law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), and are supporting law enforcement’s investigation. 

To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform. 



March 31, 2023


Topic Area: Safety

Recent Posts

Building Envelope Design: Beyond Energy Efficiency

An integrated approach to envelope design can create more comfortable and energy-efficient hospitals.

Outpatient Surge Reshapes Long-Term Strategy for Medical Outpatient Buildings

Demographic tailwinds, policy uncertainty and shifting care models are pushing health systems to rethink how and where they invest in outpatient facilities.

Mercy Medical Center to Be Integrated into Baystate Health

Until the transition is complete and receives all regulatory approvals, Mercy Medical Center and Baystate Health will continue to operate independently.

Managing IAQ in Healthcare Facilities During Wildfires

Wildfires are becoming more prevalent across the country. Facilities must be prepared to handle their effects on air quality. 

Building Hospital Resilience in an Era of Extreme Weather

Expert Jennifer Mahan discusses the vulnerabilities healthcare facilities face during disasters and the infrastructure strategies that keep operations running.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.