Cyber Incident Victim: Northwest Health - La Porte

Northwest Health – La Porte, an Indiana-based healthcare provider, experienced a cybersecurity incident between January 28, 2023, and January 30, 2023, involving unauthorized access to protected health information of 10,256 patients. The breach occurred when the Clop ransomware group exploited a previously unknown vulnerability in Fortra’s GoAnywhere file transfer software, which Northwest Health utilized. This zero-day vulnerability allowed the threat actors to infiltrate the system, exfiltrate sensitive patient data, and subsequently attempt to extort money from the organization. The attack was part of a broader campaign targeting multiple victims through the same GoAnywhere software flaw during that timeframe. Northwest Health confirmed the incident after Fortra addressed the vulnerability and terminated unauthorized access capabilities.

Following the breach, Fortra rebuilt its GoAnywhere file transfer platform with the vulnerability patched to prevent further exploitation. Northwest Health initiated notification procedures to inform affected patients about the compromise of their protected health information, though specific data elements exposed were not detailed in available reports. The organization offered identity restoration services and credit monitoring to impacted individuals for the duration required under Indiana state law. No evidence of actual misuse of the stolen data was reported at the time of notifications. The incident highlighted operational disruptions and potential reputational risks associated with third-party software vulnerabilities exploited by ransomware groups. Northwest Health’s response focused on compliance with regulatory obligations and mitigating potential harm to patients through credit protection measures.