1 Million Patients Affected by GoAnyWhere MFT Hack

A multistate hospital chain disclosed to federal regulators a cybersecurity incident involving secure file transfer software that compromised the data of about 1 million patients.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

Community Health Systems, which operates nearly 80 hospitals in 16 states, told the U.S. Securities and Exchange Commission that the incident stems from its use of Fortra’s GoAnyWhere software. The Tennessee-based chain says Fortra “recently” notified the company of an incident that resulted in the unauthorized disclosure of patient data.

“As a result of the security breach experienced by Fortra, protected health information and personal Information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” the filing says.

While the investigation is ongoing, CHS says that so far it does not believe any of its systems were affected and that there has not been any material interruption of the company’s business operations, including the delivery of patient care.

Fortra’s GoAnyWhere managed file transfer software was the subject of a security alert issued by the company on Feb. 1. The Cybersecurity and Infrastructure Security Agency nine days later included the vulnerability in its catalog of known exploited vulnerabilities.

CISA describes the GoAnyWhere flaw as involving a “pre-authentication command injection vulnerability in the License Response…