Community Health Systems Experiences Security Incident

The incident was through Fortra, a cybersecurity that Community Health Systems contracts with.

By HFT Staff
March 31, 2023

This notice provides information regarding a security incident experienced by Fortra, LLC (Fortra), which Fortra reported occurred between January 28, 2023 and January 30, 2023 that resulted in the unauthorized disclosure of personal information. Fortra is a cybersecurity firm that contracts with CHSPSC, LLC (CHSPSC) to provide a secure file transfer software called GoAnywhere. CHSPSC is a professional services company that provides services to hospitals and clinics affiliated with Community Health Systems, Inc. 

Fortra informed CHSPSC it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform. 

CHSPSC received this information from Fortra on February 2, 2023, and immediately began its own investigation of potential impact of the Fortra incident on CHSPSC Affiliate personal information. CHSPSC has determined at this point in its investigation that CHSPSC Affiliate personal information relating to patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident. The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and social security number. 

Both CHSPSC and Fortra have been in contact with law enforcement, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), and are supporting law enforcement’s investigation. 

To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform. 

See the latest posts on our homepage Share

Topic Area: Safety

Recent Posts
Recent Posts

Can Adding Moisturizer to Hand Soaps Help Fight Skin Irritation from Frequent Handwashing?

Soap manufacturers join to discuss what kind of moisturizers can be included in hand soaps.


Albany ENT & Allergy Services Targeted by Two Ransomware Groups

The protected health information of over 220,000 individuals was accessed.


Novant Health Breaks Ground on Scotts Hill Medical Center Project

The new facility aims to be a one-stop healthcare destination.


Heat Pump Installation Reduces Costs, Improves Efficiencies

University Health Network’s Bickle Center finds success with heat recovery alternative.


Man Dies After Falling Out of Hospital Window

A man fell out of a hospital window after threatening hospital staff and a police officer.



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like