The Target: Community Health Systems, a U.S based multi-state hospital chain.
The Take: Exposure of 1 million records of Personally Identifiable Information including: full names, medical billing and insurance information, diagnoses, medication, date-of-birth, and social security numbers.
The Vector: A zero-day exploit was used to breach a third-party vendor, Fortra, of CHS, targeting their file transfer software which let the attackers gain access to sets of files throughout the third-party vendor’s systems.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.