Hospitals in Alabama part of Community Health Systems possibly impacted by the Fortra data breach
Learn More
Grandview Medical Center and several other Alabama hospitals are at risk of being impacted by a security breach that potentially exposed sensitive personal information, including social security numbers and more.
The incident was reported by Community Health Systems (CHSPSC), which provides professional services to hospitals and clinics affiliated with the Community Health Systems network. The security breach occurred between January 28 and January 30 and was caused by Fortra whose GoAnywhere Managed File Trasnfer program was compromised.
According to the notice issued by CHSPSC, both individuals who received services at any of the CHSPSC affiliates as well as afamily members or guarantors of patients may have been affected by this breach. The list of affected Alabama entities includes
- Crestwood Medical Center in Huntsville,
- Flowers Hospital in Dothan,
- Gadsden Regional Medical Center in Gadsden,
- Grandview Medical Center in Birmingham,
- Medical Center Enterprise in Enterprise,
- South Baldwin Regional Medical Center in Foley.
The compromised personal information could include
- full names,
- addresses,
- medical billing and insurance details,
- specific medical information like diagnoses and medications,
- demographic information such as date of birth
- social security numbers.
Both CHSPSC and Fortra have taken the breach seriously and have engaged with law enforcement agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).
To support those affected by the breach, CHSPSC is offering ID restoration and credit monitoring services at no cost for a period of 24 months, as required by applicable state law. The services will be provided through Experian, and additional information about these services will be included in the letters notifying those affected.
Fortra has taken measures to prevent similar incidents from happening in the future. They have deleted the unauthorized party's accounts and have reset the secure file transfer platform with additional system limitations and restrictions. Furthermore, they have issued software patches to address vulnerabilities.
