Data Breach At Health Care Provider, and More Than 100 Other Companies

Tennessee-based Community Health Systems, a huge healthcare provider with more that 70 hospitals in 16 states, has confirmed that hackers have stolen the personal and protected health information of as many as one million patients. According to its filing with regulators, the data breach occurred due to its use of a file-transfer software called GoAnywhere MFT, developed by Fortra, and previously known as HelpSystems. It is commonly used by big businesses to share and send large sets of data securely. Community Health Systems said the developer recently notified it of the incident that resulted in the unauthorized disclosure of patient data. A Russian ransomware gang has claimed responsibility, and says it is using new zero-day technology in a hacking campaign that has already breached more than one hundred organizations (none except Community Health have come forward as of Feb. 15). The zero-day vulnerability in Fortra’s GoAnywhere software was revealed by a security journalist on February 2. Fortra had issued a security advisory a day earlier, but it was not accessible from its public website. Users had to create a Fortra account in order to access it, a move that has been criticized by cybersecurity experts.