Posted On March 11, 2023 Consumer Privacy & Data Breaches
March 11, 2023 – After learning that a cybersecurity incident at one of the company’s contractors exposed patient information to unauthorized access, Community Health Systems Professional Services Corporation (“CHSPSC, Inc.”) filed a notice of data breach with the Maine Attorney General’s Office on March 8, 2023. According to the company’s report, the event led to illegal access to the first and last names, dates of birth, addresses, Social Security numbers, medical information, insurance information, and medical billing information of the affected consumers. Community Health Services started notifying everyone affected by the recent data security issue of the data breach after establishing that consumer data had been exposed.
The data breach lawyers of Console & Associates, P.C. are conducting an investigation into the data breaches at CHSPSC and Fortra. Anyone intending to commit fraud or identity theft may now have access to your private information if you have received a breach notification. If you have any questions about what to do next, how to protect yourself in the future, or whether you can file a lawsuit against these organizations for financial losses as a result of the data breach, give us a call for a free consultation.
Located in Eden Prairie, Minnesota, Fortra is a cybersecurity business. Also, the business offers cybersecurity consulting services. Over 3,000 individuals work for Fortra, bringing in about $800 million annually.
CHSPSC, Inc., based in Franklin, Tennessee, offers services to Community Health Systems, Inc.-affiliated hospitals and clinics. One of the biggest hospital operators in the US, Community Health Services, runs 76 facilities across 16 states. More than 51,000 people are employed by Community Health Systems, which brings in about $12 billion annually.
According to the company’s report to the Maine Attorney General, the event at Fortra, a cybersecurity company that supplies CHSPSC with software, was responsible for the breach. Fortra experienced a security breach between January 28, 2023 and January 30, 2023 that led to the illegal disclosure of sensitive data. As a result, Forta shut down its systems, preventing the unauthorized users from accessing the company’s network. On February 2, 2023, Fortra informed CHSPSC of the occurrence. In reaction, Fortra and CHSPSC both started an investigation into the incident to see if any private consumer information was exposed.
CHSPSC examined affected files to identify what information was hacked and which customers were impacted after it was discovered that private consumer information had been made accessible to an unauthorized entity. Although this procedure is still in progress, according to CHSPSC, the compromised data may have included your first and last name, date of birth, address, Social Security number, medical information, insurance information, and medical billing information
On March 8, 2023, CHSPSC sent data breach notification letters to anyone who was impacted by the cybersecurity incident.
People likely had no reservations about disclosing their private information to organizations like Community Health Systems Professional Services Corporation because they trusted the company to protect it, as is the case with the majority of healthcare organizations. Both Fortra and CHSPSC were responsible for ensuring that hackers who wanted to perpetrate other crimes, such as fraud and identity theft, didn’t get their hands on your information. You may be able to file a data breach lawsuit against either of these businesses for compensation for any monetary losses sustained as a result of the breach if it is discovered over the course of the investigation that either of these businesses was careless in securing your data.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the CHSPSC, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the notice posted on their website:
This notice provides information regarding a security incident experienced by Fortra, LLC (“Fortra”), which Fortra reported occurred between January 28, 2023 and January 30, 2023 that resulted in the unauthorized disclosure of personal information. Fortra is a cybersecurity firm that contracts with CHSPSC, LLC (“CHSPSC”) to provide a secure file transfer software called GoAnywhere. CHSPSC is a professional services company that provides services to hospitals and clinics affiliated with Community Health Systems, Inc. (“CHSPSC Affiliates”).
Fortra informed us it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform.
CHSPSC received this information from Fortra on February 2, 2023, and immediately began its own investigation of potential impact of the Fortra incident on CHSPSC Affiliate personal information. CHSPSC has determined at this point in its investigation that CHSPSC Affiliate personal information relating to patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident. The personal information may have included full name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and social security number.
Both CHSPSC and Fortra have been in contact with law enforcement, including the Federal Bureau of Investigation (“FBI”) and the Cybersecurity and Infrastructure Security Agency (“CISA”), and are supporting law enforcement’s investigation.
To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform.
CHSPSC is making available ID restoration and credit monitoring services for the period required by applicable state law, which will be 24 months, at no cost to you, through Experian® to all potentially affected individuals who enroll. For individuals who would like to enroll in these services or who have questions related to this incident, CHSPSC has established a toll free response line that can be reached at 8009067947, and is available Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). If you are interested in enrolling in these services, the deadline to enroll is June 30, 2023. Be prepared to provide your engagement number:adults use B086999 and minors use [Redacted]. You may also enroll online using the instructions provided in our FAQs further below.
This notice also provides other precautionary measures you can take to protect your personal information, including placing a fraud alert and security freeze on your credit files and obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis. See “What else can you do to protect your personal information?” below.
Please be assured we are committed to protecting personal information. We share your frustration with this security incident, and we apologize for any inconvenience it this may cause you. We are working very hard to limit the impact of the Fortra incident on you. If you have further questions or concerns, please call 8009067947. Please refer to hours and engagement numbers above.