Community Health Systems hit with ransomware attack, 1 million patients' PHI accessed

Community Health Systems (CHS), one of the largest healthcare providers in the United States, has confirmed this week that they have been hit with a cyberattack. The cyber threat actors accessed the personal and protected health information of up to 1 million patients in a new ransomware attack. CHS has 80 hospitals in 16 states and is headquartered in Tennessee.

The data breach stems from a popular file transfer software called GoAnywhere MFT (developed by Fortra – previously known as HelpSystems), which allows large organizations to share data securely. CHS said that Fortra recently notified them of a security incident that resulted in the unauthorized disclosure of patient data.

Community Health Systems disclosed the attack in a filing with government regulators on February 13.

This is the second known breach of patient data in recent years at Community Health Systems, according to TechCrunch.

Russian-linked ransomware cybercrime group Clop has taken responsibility for exploiting the new zero-day in a hacking campaign. The group has allegedly breached over a hundred organizations using the Fortra software, including CHS.

The zero-day vulnerability in Fortra’s GoAnywhere software is formally tracked as CVE-2023-0669 and was first reported by security journalist Brian Krebs on February 2. Krebs shared the vulnerability disclosure, which at the time was not publicly available on Fortra’s website, on his Mastodon account.

The Clop ransomware group has previously attacked public organizations and businesses such as Qualys, Shell, the University of Colorado, Kroger and Morgan Stanley, according to TechCrunch.

Ransomware within the medical community, especially in a large, multi-state hospital unit, can have rare but deadly consequences. As reported by the MIT Technology Review, a patient died after a ransomware attack disrupted emergency surgeries at Düsseldorf University Hospital in Germany in September 2020.

Ransomware is a multi-billion criminal industry that is largely funded by cryptocurrency transactions, which serve as the method of payment for decrypting victims’ data.