Search This Blog

Powered by Blogger.

Blog Archive

Labels

Ransomware Group Siphons Data of 1 Million Patients Using a New Zero-Day Flaw

Hackers gained access to the protected and personal health information of up to 1 million individuals.

 

One of the biggest healthcare organisations in the United States, Community Health Systems (CHS), has acknowledged this week that they had been the target of a cyberattack. In a recent ransomware attack, hackers gained access to the protected and personal health information of up to 1 million individuals. Tennessee is the home of CHS, which operates 80 hospitals across 16 states. 

GoAnywhere MFT, a well-known file transfer programme created by Fortra (formerly HelpSystems), which enables big businesses to share data safely, is to blame for the data breach. According to CHS, Fortra just informed them of a security incident that led to the unapproved disclosure of patient data. 

In a filing with government officials on February 13, Community Health Systems revealed the hack. As noted by TechCrunch, this is Community Health Systems' second recent data breach involving patient information.

The newly discovered zero-day vulnerability was used in a hacking campaign by the Russian-affiliated ransomware cybercrime outfit Clop. Almost a hundred businesses utilising the Fortra software, including CHS, are said to have been compromised.

CVE-2023-0669 is the official tracking number for the zero-day flaw in Fortra's GoAnywhere software, which was first discovered on February 2 by security expert Brian Krebs. Because Fortra's website at the time was not publicly accessible, Krebs posted the vulnerability report on his Mastodon account. 

The University of Colorado, Kroger, Morgan Stanley, and Qualys are just a few of the public institutions and commercial targets that the Clop ransomware group has previously targeted. 

In the medical field, ransomware can occasionally but severely result in fatal outcomes, especially in a large, multi-state hospital unit. A patient lost their life in September 2020 at Düsseldorf University Hospital in Germany as a result of a ransomware outbreak that prevented emergency surgery. 

Using cryptocurrency transactions as a means of payment for the decryption of victims' data, ransomware has grown into a multi-billion dollar criminal industry.
Share it:

Data Breach

Data Leak

Healthcare Data

Healthcare Firm

Ransomware attack

User Privacy