![]() “A zero-day remote code injection exploit was identified in GoAnywhere MFT,” Fortra said in its hidden advisory. Rather, users had to create a Fortra account in order to access the vulnerability report, a move that has been roundly criticized by cybersecurity experts. In a post on Mastodon, Krebs shared the full text of Fortra’s security advisory, issued a day earlier, which is not accessible from its public website. What is the GoAnywhere vulnerability?ĭetails of the zero-day vulnerability in Fortra’s GoAnywhere software - tracked as CVE-2023-0669 - were first flagged by security journalist Brian Krebs on February 2. Thankfully, security experts have shared a bunch of information about the zero-day and what you can do to protect against it. While CHS has been quick to come forward as a victim, Clop’s claim suggests there could be dozens more affected organizations out there - and if you’re one of the thousands of GoAnywhere users, your company could be among them. ![]() The Russia-linked ransomware gang Clop has reportedly taken responsibility for exploiting the new zero-day in a new hacking campaign and claims to have already breached over a hundred organizations that use Fortra’s file-transfer technology - including CHS. This is CHS’ second-known breach of patient data in recent years. The healthcare giant added that it would offer identity theft protection services and notify all affected individuals whose information was exposed, but said there had been no material interruption to its delivery of patient care.ĬHS hasn’t said what types of data were exposed and a spokesperson has not yet responded to TechCrunch’s questions. “As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” according to the filing by Community Health Systems, which was first spotted by. Community Health Systems said that Fortra recently notified it of a security incident that resulted in the unauthorized disclosure of patient data. The Tennessee-based healthcare giant said in a filing with government regulators that the data breach stems from its use of a popular file-transfer software called GoAnywhere MFT, developed by Fortra (previously known as HelpSystems), which is deployed by large businesses to share and send large sets of data securely. A prolific ransomware operation is back with old tricks - and new victims.Ĭommunity Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |