« Safety and Security
  

Community Health Systems Experiences Security Incident

The incident was through Fortra, a cybersecurity that Community Health Systems contracts with.

By HFT Staff


This notice provides information regarding a security incident experienced by Fortra, LLC (Fortra), which Fortra reported occurred between January 28, 2023 and January 30, 2023 that resulted in the unauthorized disclosure of personal information. Fortra is a cybersecurity firm that contracts with CHSPSC, LLC (CHSPSC) to provide a secure file transfer software called GoAnywhere. CHSPSC is a professional services company that provides services to hospitals and clinics affiliated with Community Health Systems, Inc. 

Fortra informed CHSPSC it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform. 

CHSPSC received this information from Fortra on February 2, 2023, and immediately began its own investigation of potential impact of the Fortra incident on CHSPSC Affiliate personal information. CHSPSC has determined at this point in its investigation that CHSPSC Affiliate personal information relating to patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident. The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and social security number. 

Both CHSPSC and Fortra have been in contact with law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), and are supporting law enforcement’s investigation. 

To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform. 



March 31, 2023


Topic Area: Safety

Recent Posts

Cleanliness in Hospitals: Clinical Priority and Community Perception

EVS managers and communities value cleanliness for complementary reasons: managers for safety and compliance, communities for trust and comfort.

Dana-Farber Receives $50M Gift for Planned Cancer Hospital

A $50 million grant from the Yawkey Foundation will support construction of Dana-Farber Cancer Institute’s planned 450,000-square-foot cancer hospital.

Clarinda Regional Health Center Reports Data Security Incident

On or around December 15, 2025, Clarinda learned that certain data within its network may have been accessed without authorization.

Gaps in Nurses' Environmental Cleaning Knowledge Grow Amid Rising EVS Pressures

Environmental cleaning is crucial in preventing HAIs, but when the responsibility falls to those outside of EVS teams, problems arise. 

Ground Broken on the Southern Nevada Forensic Facility

Construction on the new secure forensic psychiatric hospital is expected to be completed in 2029.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.