Wilkes-Barre General Hospital is seen in a file photo. Parent Community Health Systems has issued a warning after unauthorized access of personal information was detected, with Regional Hospital of Scranton, Moses Taylor Hospital, and Wilkes-Barre General Hospital among the facilities affected.
                                 Times Leader file photo

Wilkes-Barre General Hospital is seen in a file photo. Parent Community Health Systems has issued a warning after unauthorized access of personal information was detected, with Regional Hospital of Scranton, Moses Taylor Hospital, and Wilkes-Barre General Hospital among the facilities affected.

Times Leader file photo

Tired of ads? Subscribers enjoy a distraction-free reading experience.
Click here to subscribe today or Login.

Community Health Systems has issued a warning after unauthorized access of personal information was detected, with Regional Hospital of Scranton, Moses Taylor Hospital, and Wilkes-Barre General Hospital among the facilities affected.

As our newsgathering partners at Eyewitness News WBRE/WYOU report, CHS said they were notified by Fortra, LLC, a contracted cyber security firm, that an unauthorized party accessed personal information on their system between January 28 and January 30 of 2023.

Fortra LLC provides secure file transfer software called GoAnywhere to CHSPSC LLC, a professional service company that provides services to hospitals and clinics affiliated with Community Health Systems.

Tennessee-based CHS operates three hospitals in Pennsylvania: Regional Hospital of Scranton, Moses Taylor and Wilkes-Barre General.

“Fortra informed us it became aware of the incident the evening of January 30, 2023 and took impacted systems offline on January 31, 2023, stopping the unauthorized party’s ability access the system. According to Fortra, the unauthorized party used a previously unknown vulnerability to gain access to Fortra’s systems, specifically Fortra’s GoAnywhere file transfer service platform, compromising sets of files throughout Fortra’s platform,” CHS said on their website.

According to the information released, CHSPSC started its own investigation into the extent of the incident that they say disclosed the personal information of patients, a limited number of employees, and other individuals. CHS says you may have been affected if you’ve received services at one of the CHSPSC affiliates, or are a family member or guarantor to a patient. You can visit the CHS website for a list of affiliates and links to their websites.

Information that may have been accessed includes names, addresses, medical billing, insurance information, diagnoses, medication, and demographic information such as date of birth and social security number, according to CHS.

Both CHSPSC and Fortra say they have contacted police, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).

“To protect against an incident like this from reoccurring, Fortra informed us that it has deleted the unauthorized party’s accounts, rebuilt the secure file transfer platform with system limitations and restrictions, and produced a patch for the software. CHSPSC has also implemented additional security measures, including immediate steps to implement measures to harden the security of CHSPSC’s use of the GoAnywhere platform” CHS added.

CHSPSC says it is offering free ID restoration and credit monitoring for two years through Experian. Anyone with questions can call 1-800-906-7947. You can also visit Community Health System’s website for more information.