CoxHealth, a prominent healthcare system based in Springfield, Missouri, faced a data breach due to a security incident involving one of its vendors, Intellihartx, LLC (“ITx”). The breach occurred after ITx’s file transfer software, GoAnywhere, created by Fortra, LLC, experienced unauthorized access. Sensitive consumer information, including names, Social Security numbers, dates of birth, addresses, and protected health information, was compromised in the breach. CoxHealth promptly initiated data breach notification procedures, sending out notification letters to all individuals impacted by the incident to inform them of the breach and its potential impact on their personal data.
The breach stemmed from a vulnerability in the GoAnywhere application, used by ITx, which allowed an unauthorized party to gain access to confidential information. Following the discovery of the breach, ITx conducted an extensive investigation to determine the nature and scope of the incident and identify affected customers. The investigation, which began in February 2023 and concluded in May 2023, confirmed that confidential data entrusted to Fortra had been subject to unauthorized access.
CoxHealth took immediate action upon discovering the breach, reviewing the compromised files to assess the extent of the information exposed and identify affected individuals. In June 2023, data breach notification letters were sent to all impacted individuals, providing details of the incident and steps they can take to protect their personal information. This breach underscores the importance of robust cybersecurity measures within healthcare systems to prevent unauthorized access and protect patient privacy and sensitive data from potential threats.
