Governance & Risk Management , Healthcare , HIPAA/HITECH

Fortra GoAnyWhere-Related Health Data Breach Tally Climbs

Nearly a Dozen More Breaches Affecting 4.3 Million Recently Reported
Fortra GoAnyWhere-Related Health Data Breach Tally Climbs
The tally of individuals affected in health data breaches involving Fortra's GoAnyWhere secure file transfer compromise is growing. (Image: Fortra)

The tally of individuals whose sensitive information was compromised by the exploitation of a zero-day vulnerability in Fortra's GoAnyWhere secure file transfer software is growing by millions as more entities report heath data breaches to regulators.

See Also: Live Webinar | Cyber Resilience: Recovering from a Ransomware Attack

Companies have acknowledged to federal regulators in recent weeks a dozen breaches involving the Fortra vulnerability, and the count of affected individuals exceeds 4.3 million.

Nine of those breaches - collectively affecting nearly 1 million individuals - were reported separately to the Department of Health and Human Services on April 7 by Brightline, a Palo Alto, California provider of virtual behavioral health coaching and therapy for families and children.

Those disclosures come weeks after insurer Blue Shield of California already reported to regulators a breach affecting more than 63,000 individuals who had accessed Brightline services through it (see: Health Plan, Mental Health Provider Hit by GoAnyWhere Flaw).

The vulnerability in GoAnywhere MFT is a pre-authentication remote code execution flaw in which attackers can exploit the flaw and remotely execute code of their choosing without having to first authenticate in the administrative console.

For the attack to succeed, the administrative console must be internet-exposed. The first known attacks to exploit the flaw began Jan. 25. On Feb. 1, Fortra issued a security alert and mitigation instructions. On Feb. 7, it released version 7.1.2 of GoAnywhere MFT, which patches the flaw.

The Cybersecurity and Infrastructure Security Agency and other federal agencies have urged GoAnywhere MFT users to immediately patch their software.

Ransomware group Clop claimed in February to have exploited the GoAnywhere vulnerability to breach networks used by 130 different organizations. The cybercrime gang took responsibility for over 50 hacks tied to the exploit (see: Clop: GoAnywhere Attacks Have Now Hit 130 Organizations).

At least two other health benefits corporations have also reported large GoAnyWhere incidents to HHS over the last few weeks.

That includes a breach affecting more than 3 million individuals reported by Florida third-party benefits administrator NationsBenefits Holding.

Santa Clara Family Health Plan separately reported a hacking incident affecting 277,000 individuals that also involved its third-party benefits administrator NationsBenefits and the Fortra compromise.

NationsBenefits said it determined Feb. 13 that certain individuals' personal information had been affected in the compromise.

Health plan member data affected by the incident includes name, demographic information and identifiers such as Social Security number as well as medical device or product purchased and caregivers' names.

"Importantly, not every impacted individual had all of these data elements impacted, or the same combination of data elements impacted," NationsBenefits said.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.