The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
Fortra Data Breach Targets 130 Companies, Many in Healthcare Sector
May 16, 2023
LANSING – The U.S. Department of Health and Human Services (HHS) recently announced the discovery of a data breach involving cybersecurity company Fortra, which may have affected more than four million people worldwide. This attack specifically targeted medical data.
Affected organizations include Hitachi Energy, Saks Fifth Avenue, Procter & Gamble, NationBenefits, and many more organizations across the United States and world. The exact number of Michigan residents who may be affected remains unknown.
“Companies that handle our personal data have a responsibility to implement safety measures that can withstand cyber-attacks,” Nessel said. “A breach like this one threatens to expose some of our most personal information – our health information. Heeding the advice my office has provided will help keep your personal data safe and secure.”
The first known attacks began in late January of this year, and Fortra issued both a security alert and mitigation instructions on February 1st. The company provided a patch to resolve the remote access vulnerability on February 7th.
The Russia-linked ransomware group Clop, which almost exclusively targets the healthcare sector, has claimed responsibility for the attack on GoAnyWhere MFT. According to the HHS alert announcing the breach, “Healthcare is particularly vulnerable to cyberattacks owing to their high propensity to pay a ransom, the value of patient records, and often inadequate security.”
AG Nessel encourages Michigan consumers to take steps to protect their information. For more information, please read the Attorney General’s Consumer Alert Data Breaches, What to do Next.
- Stay alert. Hang on to any unusual mail or emails, such as IRS tax notices, bills, or statements from unfamiliar lenders. Chances are that by the time you are notified of a breach, criminals may have had your information for quite some time.
- Secure your accounts. Starting with any accounts specified in the breach notification, update passwords and PINs that you use to log in to bank and credit card accounts.
- Initiate a fraud alert. This notifies any lender processing a credit application in your name that you may be the victim of fraud or identity theft.
- Monitor your financial accounts and credit reports. Set up any available alerts to notify you of activity on your accounts. Remain vigilant about unusual or unexpected activity so that you can detect scams and report them immediately.
- Freeze or lock your credit file. This is less convenient than simply creating a fraud alert, but it limits access to your credit report to specific credit bureaus.
For organizations to counteract the threats posed by hackers, HHS recommends that they prioritize security by maintaining awareness of the threat landscape, assessing their situation, and providing staff with the tools and resources necessary to prevent a cyberattack.
Your connection to consumer protection is just a click or phone call away. The Department provides a library of Consumer Alerts, which cover a wide range of topics, and can be reviewed on the Department’s website.
To file a complaint with the Attorney General, or get additional information, contact:
Consumer Protection Team
P.O. Box 30213
Lansing, MI 48909
Toll free: 877-765-8388
Online complaint form