Another huge US medical data breach confirmed after Fortra mass-hack

Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year.

Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in a notice filed with the Maine attorney general’s office that 489,830 patients had information stolen in the cyberattack targeting its vendor, Fortra.

According to the notice, the hackers stole patient names, addresses, dates of birth and Social Security numbers. The breach also compromised patient medical billing and insurance information, as well as diagnoses and medication.

Intellihartx is the latest company to come forward as a victim of the mass ransomware attack targeting Fortra‚Äôs GoAnywhere file-transfer software, which organizations use for sharing large data sets across the internet. The Clop ransomware group claimed responsibility for mass-exploiting a previously undisclosed security flaw in Fortra’s GoAnywhere software in February, which affected more than a hundred companies and organizations, including digital financier Hatch Bank, security giant Rubrik, and the City of Toronto.

Millions of patients across the United States also had their health information stolen in the cyberattack, including children’s data.

The impact of Clop’s ransomware attack prompted the U.S. Department of Health and Human Services to publish an alert warning that the ransomware group was targeting the healthcare industry.

Clop has targeted other vendors of file transfer tools, including Accellion’s file transfer appliance and more recently, a mass-hack involving MOVEit, a file transfer tool developed by Progress Systems.