Community Health Network, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Community Health Network, Inc. (CHN) experienced a data breach that was first identified on September 19, 2023, when it was discovered that one email account within their network had been compromised by an unauthorized third party[1]. The breach was part of a larger incident involving the GoAnywhere managed file transfer (MFT) solution by Fortra, which was exploited due to a vulnerability (CVE-2023-0669). This vulnerability allowed unauthorized disclosure of company data, including the protected health information (PHI) of approximately one million individuals[3].
The compromised information included full names, addresses, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as birthdates and Social Security numbers[8]. Community Health Systems (CHS), which operates 79 hospitals across 16 states, was one of the affected entities and began notifying up to 1 million individuals about the breach[12].
CHS took immediate action to investigate the breach, including determining the impact on their information systems and whether there was any material interruption of their business operations, including the delivery of patient care. While the investigation was ongoing, CHS believed that the breach did not impact any of the company’s information systems and that there had not been any material interruption of their operations[3].
Fortra patched the vulnerability on February 7, 2023, and CHS ensured that appropriate notifications would be provided to affected individuals, as well as to regulatory agencies as required by federal and state law. CHS also offered identity theft protection services to individuals affected by the attack[3].
It is important to note that there are multiple entities with similar names, such as Community Healthcare Network, Inc. (CHN) in New York City, which also reported a data privacy incident that may have impacted individuals’ information[4]. However, the breach involving the GoAnywhere MFT vulnerability specifically pertains to Community Health Systems and its affiliates[3][8][12].
Citations:
- https://www.ecommunity.com/notice-regarding-data-breach
- https://winknews.com/2023/05/12/data-breach-at-community-health-systems-puts-1-2-million-patients-at-risk/
- https://healthitsecurity.com/news/community-health-systems-impacted-by-data-breach-tied-to-goanywhere-mft-vulnerability
- https://www.chnnyc.org/notice-of-data-incident/
- https://www.ecommunity.com
- https://www.ecommunity.com/notice-third-party-tracking-technology-data-breach/faqs
- https://casetext.com/case/zd-v-cmty-health-network-inc-1
- https://www.bankinfosecurity.com/chs-to-notify-1-million-in-breach-linked-to-software-flaw-a-21405
- https://www.northwell.edu
- https://www.jdsupra.com/legalnews/community-healthcare-network-notifies-5438520/
- https://www.pahomepage.com/news/data-breach-impacts-community-health-systems-hospitals/
- https://www.hipaajournal.com/community-health-systems-goanywhere-data-breach/
- https://www.daytondailynews.com/business/soin-family-suing-kettering-health-for-alleged-breach-of-contract-over-naming-rights/WDO475ACSZDBZN3LXPFPWV3JMM/
- https://fox59.com/indiana-news/community-health-network-to-pay-345-million-in-response-to-false-claims-act-violations/
- https://www.ibj.com/articles/indianas-high-court-to-consider-privacy-in-bizarre-community-health-case
- https://www.databreachtoday.com/community-health-systems-faces-lawsuit-a-7238
- https://www.upmchealthplan.com
- https://www.healthcareitnews.com/news/community-health-network-reports-online-tracking-data-breach-affecting-15-million
- https://www.databreachtoday.com
- https://healthitsecurity.com/news/community-health-network-notifies-1.5m-of-data-breach-stemming-from-tracking-tech
- https://www.torrancememorial.org
- https://www.wthr.com/article/news/health/community-health-network-third-party-data-breach/531-130c8116-9d8f-4930-bf84-ec2604490fdc
- https://www.tricare.mil
- https://fox59.com/indiana-news/community-health-network-notifies-patients-of-data-breach/
- https://atriumhealth.org