CA Health Plan Reports Data Breach Tied to Fortra GoAnywhere Hack

April 28, 2023 - California-based Santa Clara Health Plan (SCHP) reported a breach tied to a known vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) solution that impacted 276,993 individuals. As previously reported, threat actors have been leveraging the vulnerability to gain access to sensitive data.

Community Health Systems and Blue Shield of California are just a few organizations that have been impacted by the Fortra hack.

In the case of Santa Clara Health Plan, the breach impacted one of its vendors, NationsBenefits, which provides supplemental benefits administrations services to healthcare plans, including SCHP. SCHP’s website notice directs patients to the NationsBenefits website, which contains details of the breach.

According to NationsBenefits, Fortra experienced a breach on January 30, 2023. NationsBenefits determined that certain members’ personal information was impacted by the incident in mid-February. The impacted information included names, demographic information, health insurance numbers, Social Security numbers, dates of service, phone numbers, and provider names.

NationsBenefits said it immediately stopped using Fortra’s software and implemented additional processes to strengthen its security posture.

The Health Sector Cybersecurity Coordination Center (HC3) issued an alert in February to warn the healthcare sector specifically about Clop ransomware’s use of the Fortra vulnerability. Clop claimed to have conducted a mass cyberattack against 130 organizations.

United Steelworkers Local 286 Breach Impacts 38K

United Steelworkers Local 286 (USW) in Philadelphia, Pennsylvania notified 37,965 individuals of a healthcare data breach that began with unauthorized access to an employee email account.

In its breach notice, the steelworkers union stated that it discovered in mid-February 2023 that an employee email account had been accessed by an unauthorized third-party for two days in July 2022.

The account contained personal information, including names, Social Security numbers, medical treatment information, financial account numbers, birth dates, passport numbers, medical record numbers, biometric information, and health insurance information.

USW Local 286 said it was not aware of any reports of identity fraud as a result of the breach. The union said it would continue to modify its practices to maintain security and privacy.

Robeson Health Care Corporation Suffers Malware Attack

North Carolina-based Robeson Health Care Corporation (RHCC) notified 15,045 individuals of a healthcare data breach. RHCC operates a nonprofit network of health centers in Pembroke, North Carolina and surrounding areas.

On February 21, 2023, RHCC discovered malware within its systems and immediately disconnected its network. Further investigation determined that an unauthorized party had gained access to its systems between February 17 and 21.

There was no evidence that the health system’s EMR databases were accessed. However, some sensitive information may have been viewed or acquired, including patient names, Social Security numbers, addresses, treatment information, birthdates, medical record numbers, patient ID numbers, Medicare/Medicaid numbers, prescription information, and health insurance information.

RHCC began notifying impacted individuals of the breach in April and is continuing to investigate the full impact of the breach.

“In response to the suspicious activity, RHCC disconnected it network from the internet and partnered with computer forensics specialists to restore its systems safely. RHCC conducted a thorough investigation to understand the nature and scope of the event,” the notice stated.

“RHCC reset passwords and enabled multifactor authentication for all users. RHCC continues to review the policies and procedures in place prior to the event, to identify ways to strengthen its security going forward.”