One of the most prominent healthcare provider firms, Community Health Systems (CHS), confirmed that they are subject to a recent attack that exploited Fortra’s GoAnywhere secure file transfer platform.
CHS admitted earlier this week that Fortra issued an update that it had suffered a security incident that led to some of its data compromises. A follow-up investigation showed that the data breach impacted nearly a million patients’ personal and health information.
Fortunately, the investigation revealed that the Fortra breach had not impacted CHS’s system information. Moreover, there have yet to be material interruptions of Community Health Systems’ business operations.
CHS assured every impacted individual that they would receive remedies to address the situation.
The CHS current estimate of impacted individuals is nearly a million regarding the PHI and PI affected by the Fortra breach. In addition, Community Health Systems’ representative stated that they would offer identity theft protection services and notify all affected individuals whose information was compromised during the cybersecurity incident.
CHS is one of the frontrunners in healthcare provisions as it operates about 79 affiliated acute-care hospitals and more than 1,000 other infrastructures across the US.
In related news, the Cl0p ransomware group claimed that they are the culprit behind the GoAnywhere exploits recently. As of now, the group has allegedly stolen data from more than 130 organisations worldwide.
Cl0p operators also disclosed that they had allegedly stolen the data over ten days after infiltrating the GoAnywhere MFT servers vulnerable to the CVE-2023-0669 vulnerability.
However, the notorious ransomware group did not provide evidence or additional proof of their claims. Hence, researchers could not confirm if they had already started extorting victims.
Fortra has not publicly addressed the situation or released more details regarding the CVE-2023-0669 exploitation and Cl0p’s claims.
Furthermore, a separate researcher discovered links between the TA505 and another GoAnywhere MFT attack recently. This detail strengthens Cl0p’s claims since TA505 is notorious for deploying similar ransomware in its attacks.
