"Community Health Systems Data Breach Caused by GoAnywhere MFT Hack"

Community Health Systems (CHS) is one of the leading healthcare providers in the US. CHS operates 79 acute-care hospitals and over 1,000 other care locations, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers, and ambulatory surgical centers. Threat actors used the zero-day vulnerability, tracked as CVE-2023-0669, in Fortra's GoAnywhere MFT secure file transfer platform to launch an attack against CHS. CHS was recently informed that its third-party provider Fortra had suffered a security breach, which compromised company data. An investigation into whether any CHS systems were compromised revealed that 1 million patients were affected. Researchers at the threat intelligence company Huntress shared the results of their investigation into the exploitation of GoAnywhere MFT and attributed the attacks to the TA505 threat actors. The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) added the GoAnywhere MFT vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog last week, requiring that federal agencies remediate it by March 3, 2023. This article continues to discuss the latest findings regarding the CHS data breach. 

Security Affairs reports "Community Health Systems Data Breach Caused by GoAnywhere MFT Hack"