Community Health Systems of Franklin, Tennessee reported to the SEC that they were breached via GoAnywhere MFT, a managed file transfer product by Fortra. 1 million patients’ data were stolen including protected health information as defined by HIPAA, as well as patients’ personal information.
Evidence the ransomware group ‘Clop’ may have been behind the breach was reported by BleepingComputer, as the criminals took responsibility for using the same vulnerability (CVE-2023-0669) to allegedly hack 130 other organizations. Fortra patched the vulnerability with their 7.1.2 update of the software released on February 7th.