Introduction

Are you one of the people across America who rely on Community Health Systems?

CHS is a leading operator of general acute care hospitals, with more in more than 200 locations across the country. They offer a wide range of services, from primary care to specialized treatments. Even if you aren’t a patient at any of the 76 hospitals located in 16 states, you may still have heard of them. More recently, they’ve been in the news…and not for a good reason.

In February 2023, CHS experienced a data breach that affected the private information of one million patients.

Photo by Pixabay

Attack on CHS

This is the latest in a string of supply chain attacks targeting businesses – small, medium and large alike. These types of attacks are affecting companies no matter their size. In this particular incident involving CHS, the healthcare giant was breached through a vulnerability in their secure file transfer platform, Fortra’s GoAnywhere Managed File Transfer. MFTs are basically platforms that let you securely communicate protected information; this would help guarantee PHI privacy and compliance.

However, a zero-day vulnerability was exploited in Fortra’s software to launch a remote code injection drive attack, which basically executes malicious code on a remote computer system. The threat actors don’t appear to have gone after admin systems, but they did leak what CHS estimates to be the personal health information (PHI) and PII of one million patients under their care.

The main goal of remote code injection attacks is to feed malicious code to vulnerable systems and applications. This can be done a myriad of ways, including buffer overflow, SQL injection, cross-site scripting and file inclusion vulnerabilities. Attackers can then use this malicious code to gain access to sensitive data on the system or even to take control of it entirely.

It is one of the most dangerous attacks currently plaguing businesses, which is why hackers are latching onto this threat. Remote code injections are becoming increasingly popular, as they are quick and easy to launch to — and from — anywhere in the world. They no longer need to have physical access to the target system; instead, they can simply plug in their drive and execute the malicious code from behind the safety of their own screens.

Conclusion

Unfortunately, supply chain attacks are effective until the developer comes out with a patch; and CHS doesn’t have one for their GoAnywhere MFT vulnerability yet. Affected customers should monitor their credit and bank accounts for suspicious activity and act immediately if red flags appear. In the meantime, watch out for any notifications from CHS with updates on the situation!

Learn how to better manage your third-party risks here.

Attacks on supply chains; breaches on healthcare bases; and remote code injections seem to be getting more popular all around the world, and that can be a worrying combination. Preparedness and education are the best defenses that you can wield in the modern threat landscape. Reading this blog, and heeding your Security Awareness Training, are great first steps!

Photo by Chokniti Khongchum

References