Connect with us

Hi, what are you looking for?

Tech & Science

US health giant suffers significant data breach

When the admin console is accessible via the Internet, it’s only a matter of time before data is breached.

Image: © AFP
Image: © AFP

A significant data breach has impacted the healthcare giant Community Health Systems (CHS). This is to the extent that up to one million people have been impacted. The data breach has been identified as arising from file-transfer software called GoAnywhere MFT, developed by Fortra.

“As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” according to a spokesperson from Community Health Systems.

Looking into the matter for Digital Journal is , Almog Apirion, CEO and Co-Founder of Cyolo.

For Apirion  this issue represents another cyber-swipe against the healthcare and medical communities. This sector represents a continual target for those seeking to capture personal data.

As Apirion  explains: “Healthcare organizations are unfortunately no stranger to cyberattacks and data breaches. Institutions like Community Health Systems (CHS) are an attractive target for threat actors due to their troves of personal information and their reliance on third parties both for cybersecurity and other aspects of their work.”

In terms of the mode of attack, Apirion describes: “The reality is that when hackers exploit vulnerabilities in third-party security tools, the lives and privacy of patients are put at risk. Interoperability is vital for successful healthcare delivery, so a Managed File Transfer (MFT) is a needed solution.”

MFT is a technology platform that allows organizations to reliably exchange electronic data between systems and people in a secure way that goes someway to meeting business compliance needs.

There are inherent weaknesses, as identified by Apirion: “When the admin console is accessible via the Internet, it’s only a matter of time before data is breached. Any connection to a sensitive data source must be properly managed and secured.”

There are measures that healthcare institutions could and should adopt. Apirion defines these as: “Zero-Trust Access strategies should be employed to support the needed connections, especially between care delivery partners. This is especially useful when critical applications, like MFT, need to be connected to the Internet.”

In outlining the benefits of these types of approaches, Apirion surmises: “Having the ability to restrict access and keep the application hidden will go a long way to preventing this type of breach in the future.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Digital Journal announced as official media partner for Innovation Week in Calgary.

Tech & Science

The Nobel Prize in Physics was awarded to two scientists for discoveries that laid the groundwork for the artificial intelligence.

World

Kamala Harris has taken a slim lead over Donald Trump in the US presidential race, a new poll showed.

World

Meanwhile, just get out, now. This thing obviously means business.