On February 15, 2023, Community Health Systems (CHS) disclosed a data breach that impacted the personal information of approximately one million patients. The breach was caused by a vulnerability in Fortra's GoAnywhere managed file transfer (MFT) solution, which CHS uses to transfer patient data.
The unauthorized party exploited a vulnerability in Fortra's GoAnywhere software to gain access to CHS's systems between January 28 and January 30, 2023. The personal information that was exposed includes names, addresses, dates of birth, Social Security numbers, insurance information, treatment information, and medical diagnosis information.
CHS has notified all affected patients and is offering them free credit monitoring and identity theft protection services. The company is also working with law enforcement to investigate the incident.
What happened in the data breach?
The data breach was caused by a vulnerability in Fortra's GoAnywhere managed file transfer (MFT) solution. MFT solutions are used to transfer files securely between different systems. In this case, CHS was using GoAnywhere to transfer patient data between its different systems.
The unauthorized party exploited a vulnerability in GoAnywhere's software to gain access to CHS's systems. Once they had access, they were able to download the personal information of approximately one million patients.
What information was exposed?
The personal information that was exposed includes names, addresses, dates of birth, Social Security numbers, insurance information, treatment information, and medical diagnosis information. This information is highly sensitive and could be used to commit identity theft or other crimes.
What can affected patients do?
CHS has notified all affected patients and is offering them free credit monitoring and identity theft protection services. Patients who believe that their personal information has been compromised should also take the following steps:
Place a fraud alert on their credit report: This will make it more difficult for someone to open new accounts in their name.
Review their credit reports for suspicious activity: They can get a free copy of their credit report from each of the three major credit bureaus once a year at annualcreditreport.com.
Consider freezing their credit reports: This will prevent anyone from opening new accounts in their name without their permission. They can freeze their credit reports by contacting each of the three major credit bureaus.
Be careful about what information they share online: Only share their personal information with websites that they trust.
How can future data breaches be prevented?
There are a number of things that can be done to prevent future data breaches, including:
Implementing strong security measures: This includes using strong passwords, encrypting data, and implementing access controls.
Training employees on cybersecurity best practices: Employees should be taught how to identify and report suspicious activity.
Keeping software up to date: Software updates often include security patches that can help to protect against cyberattacks.
Being vigilant: Healthcare providers should be aware of the latest cybersecurity threats and take steps to mitigate their risk.
By taking these steps, healthcare providers can help to protect their patients' personal information and prevent future data breaches.
Conclusion
The Community Health System data breach is a reminder of the importance of cybersecurity in the healthcare industry. Healthcare providers store and process a vast amount of sensitive patient data, which makes them a prime target for cyberattacks.
By taking steps to implement strong security measures, train employees on cybersecurity best practices, keep software up to date, and be vigilant, healthcare providers can help to protect their patients' personal information and prevent future data breaches.
