Heimdal
article featured image

Contents:

Community Health Systems (CHS) reported that an attack targeting a zero-day vulnerability in Fortra’s GoAnywhere platform exposed the data of 1 million of its patients.

Fortra alerted them stating they had been victims of a cyberattack that compromised some of CHS`s data. Researchers discovered the data breach exposed the personal and health information of up to 1 million patients.

Impact of Cyberattack on CHS

For the moment, CHS claims their network was not affected, so they can continue their work as usual.

While that investigation is still ongoing, the Company believes that the Fortra breach has not had any impact on any of the Company’s information systems and that there has not been any material interruption of the Company’s business operations, including the delivery of patient care.

Source

According to the company, data of around one million persons may have been compromised by this zero-day attack. CHS announced it will notify and offer identity theft protection services to all patients affected by the breach.

130 Organizations Affected by GoAnywhere Zero-Day

The Clop ransomware group recently claimed they stole data from over 130 companies after they exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool.

The vulnerability is tracked as CVE-2023-0669 and allows threat actors to obtain remote code execution on unpatched GoAnywhere MFT instances. However, The Clop offered no proof or details regarding their statements.

Still, researchers managed to link the GoAnywhere MFT attacks to the TA505. This malicious group had previously deployed Clop ransomware in its cyberattacks.

CISA Urges U.S. Federal Agencies to Patch Until March 3rd

Fortra, the developer of GoAnywhere MFT, warned its clients that the CVE-2023-0669 new vulnerability was being exploited as a zero-day. They also launched emergency security updates. After they released the patches, Fortra also announced that some of its MFTaaS-hosted instances were also breached.

As a result, CISA put the GoAnywhere MFT vulnerability in the Known Exploited Vulnerabilities Catalog. They also urged all U.S. federal agencies to patch until March 3rd.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.

Heimdal Official Logo
Automate your patch management routine.

Heimdal® Patch & Asset Management Software

Remotely and automatically install Windows, Linux and 3rd party application updates and manage your software inventory.
  • Schedule updates at your convenience;
  • See any software assets in inventory;
  • Global deployment and LAN P2P;
  • And much more than we can fit in here...
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE