EYEWITNESS NEWS (WBRE/WYOU) — Community Health Systems (CHS) is issuing a warning after unauthorized access of personal information was detected.
CHS said they were notified by Fortra, LLC, a contracted cyber security firm, that an unauthorized party accessed personal information on their system between January 28 and January 30 of 2023.
Fortra LLC provides secure file transfer software called GoAnywhere to CHSPSC LLC, a professional service company that provides services to hospitals and clinics affiliated with Community Health Systems.
According to its website, CHS operates three hospitals in Pennsylvania. Regional Hospital of Scranton, Moses Taylor Hospital in Scranton, and Wilkes-Barre General Hospital.
“Fortra informed us it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform,” CHS said on their website.
According to the information released, CHSPSC started its own investigation into the extent of the incident that they say disclosed the personal information of patients, a limited number of employees, and other individuals. CHS says you may have been affected if you’ve received services at one of the CHSPSC affiliates, or are a family member or guarantor to a patient. You can visit the CHS website for a list of affiliates and links to their websites.
Information that may have been accessed includes names, addresses, medical billing, insurance information, diagnoses, medication, and demographic information such as date of birth and social security number, according to CHS.
Both CHSPSC and Fortra say they have contacted police, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
“To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform” CHS added.
CHSPSC says it is offering free ID restoration and credit monitoring for two years through Experian. Individuals whose personal information was compromised are being notified directly via U.S. mail. Anyone with questions can call 1-800-906-7947. You can also visit Community Health System’s website for more information.