Contents:
Community Health Systems (CHS) reported that an attack targeting a zero-day vulnerability in Fortra’s GoAnywhere platform exposed the data of 1 million of its patients.
Fortra alerted them stating they had been victims of a cyberattack that compromised some of CHS`s data. Researchers discovered the data breach exposed the personal and health information of up to 1 million patients.
Impact of Cyberattack on CHS
For the moment, CHS claims their network was not affected, so they can continue their work as usual.
While that investigation is still ongoing, the Company believes that the Fortra breach has not had any impact on any of the Company’s information systems and that there has not been any material interruption of the Company’s business operations, including the delivery of patient care.
According to the company, data of around one million persons may have been compromised by this zero-day attack. CHS announced it will notify and offer identity theft protection services to all patients affected by the breach.
130 Organizations Affected by GoAnywhere Zero-Day
The Clop ransomware group recently claimed they stole data from over 130 companies after they exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool.
The vulnerability is tracked as CVE-2023-0669 and allows threat actors to obtain remote code execution on unpatched GoAnywhere MFT instances. However, The Clop offered no proof or details regarding their statements.
Still, researchers managed to link the GoAnywhere MFT attacks to the TA505. This malicious group had previously deployed Clop ransomware in its cyberattacks.
CISA Urges U.S. Federal Agencies to Patch Until March 3rd
Fortra, the developer of GoAnywhere MFT, warned its clients that the CVE-2023-0669 new vulnerability was being exploited as a zero-day. They also launched emergency security updates. After they released the patches, Fortra also announced that some of its MFTaaS-hosted instances were also breached.
As a result, CISA put the GoAnywhere MFT vulnerability in the Known Exploited Vulnerabilities Catalog. They also urged all U.S. federal agencies to patch until March 3rd.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.
Heimdal® Patch & Asset Management Software
- Schedule updates at your convenience;
- See any software assets in inventory;
- Global deployment and LAN P2P;
- And much more than we can fit in here...