SoutheastHEALTH recently disclosed a significant security breach affecting patient data due to a third-party data breach involving ITx. The breach exposed sensitive information such as names, Social Security numbers, dates of birth, addresses, and protected health details of SoutheastHEALTH patients. Following the discovery, ITx promptly initiated the distribution of data breach notification letters to all affected patients, detailing the compromised information. Investigations are underway to assess the full extent of the breach and its potential impact on patient privacy and security.
The breach originated from a vulnerability found in GoAnywhere, a managed file transfer program created by Fortra, LLC, which ITx utilized for its billing services. Upon notification of the vulnerability by Fortra, ITx initiated an investigation to ascertain the scope and nature of the breach, seeking to identify all affected customers. Despite completing an initial review of the data on March 24, 2023, further information provided by Fortra prolonged the investigation until May 10, 2023, when ITx confirmed the breach’s impact on confidential patient data from SoutheastHEALTH.
SoutheastHEALTH, based in Cape Girardeau, Missouri, operates over 50 locations throughout the state, offering various healthcare services, including cancer care, orthopedic care, and women’s health. With more than 2,350 employees and an annual revenue of approximately $345 million, SoutheastHEALTH serves as a crucial healthcare provider in the region. As investigations continue and data breach notifications are sent out, SoutheastHEALTH remains committed to ensuring patient privacy and security while navigating the aftermath of this breach alongside its patients and stakeholders.
