by Scott McClallen

 

The U.S. Department of Health and Human Services announced the discovery of a data breach involving cybersecurity company Fortra, which may have affected more than four million people worldwide.

This attack specifically targeted medical data.

Affected organizations include Hitachi Energy, Saks Fifth Avenue, Procter & Gamble, NationBenefits, and many more organizations across the United States and the world. The number of Michiganders who may be affected remains unknown.

“Companies that handle our personal data have a responsibility to implement safety measures that can withstand cyber-attacks,” Attorney General Dana Nessel said in a statement. “A breach like this one threatens to expose some of our most personal information – our health information. Heeding the advice my office has provided will help keep your personal data safe and secure.”

The first known attacks began in late January. Fortra issued a security alert and mitigation instructions on February 1st. The company provided a patch to resolve the remote access vulnerability on February 7.

The Russia-linked ransomware group Clop, which almost exclusively targets the healthcare sector, has claimed responsibility for the attack on GoAnyWhere MFT.

According to the HHS alert announcing the breach: “Healthcare is particularly vulnerable to cyberattacks owing to their high propensity to pay a ransom, the value of patient records, and often inadequate security.”

Nessel encourages Michiganders to protect their information by changing passwords and contacting banks to stay alert for fraudulent transactions. Other tips include:

  • Stay alert. Hang on to any unusual mail or emails, such as IRS tax notices, bills, or statements from unfamiliar lenders. Chances are that by the time you are notified of a breach, criminals may have had your information for quite some time.
  • Secure your accounts. Starting with any accounts specified in the breach notification, update passwords and PINs that you use to log in to bank and credit card accounts.
  • Initiate a fraud alert. This notifies any lender processing a credit application in your name that you may be the victim of fraud or identity theft.
  • Monitor your financial accounts and credit reports. Set up any available alerts to notify you of activity on your accounts. Remain vigilant about unusual or unexpected activity so that you can detect scams and report them immediately.
  • Freeze or lock your credit file. This is less convenient than simply creating a fraud alert, but it limits access to your credit report to specific credit bureaus.

For organizations to counteract the threats posed by hackers, HHS recommends that they prioritize security by maintaining awareness of the threat landscape, assessing their situation, and providing staff with the tools and resources necessary to prevent a cyberattack.

– – –

Scott McClallen is a staff writer covering Michigan and Minnesota for The Center Square. A graduate of Hillsdale College, his work has appeared on Forbes.com and FEE.org. Previously, he worked as a financial analyst at Pepsi.
Photo “Dana Nessel” by Michigan Department of Attorney General.