A filing submitted to the Office of the Maine Attorney General has revealed that 489,830 more people were affected by this year’s GoAnywhere breach than previously believed.

TechCrunch reported the development this morning.

The filing in question was submitted by a company called Intellihartx LLC that manages patient balances and collections for healthcare organizations. Intellihartx disclosed that the breach compromised 489,830 patients’ names, Social Security numbers addresses and dates of birth. The hackers also accessed medical information.

According to Intellihartx, the breach was the result of the high-profile cyberattack that targeted software maker Fortra LLC earlier this year. Eden Prairie, Minn.-based Fortra sells cybersecurity tools, a robotic process automation platform and various other applications. The company, which was known as HelpSystems until last year, claims its installed base includes more than 30,000 organizations. 

The breach affected Fortra’s GoAnywhere MFT file transfer application. Originally released in 2009, GoAnywhere is used by companies to exchange data with another. The software also has users in the public sector. 

At the start of the year, the Russia-linked Clop ransomware group exploited a zero-day vulnerability in GoAnywhere to compromise multiple customers’ deployments of the software. The group created malicious user accounts and used them to download data. In some cases, it also used the accounts to install hacking tools on GoAnywhere customers’ infrastructure. 

Fortra became aware of the issue on February 1 and released a patch six days later. But by the time the update arrived, the hackers had already managed to steal the information of more than 100 GoAnywhere customers. Those customers included Hitachi Energy, Procter & Gamble Co. and several other large enterprises.

The breach saw the hackers steal, among others, millions of patients’ personal information. Intellihartx is only the latest healthcare organization to have disclosed that it was affected by the cyberattack. 

Before Intellihartx’s disclosure this week, Florida-based supplemental benefits company NationBenefits disclosed that its GoAnywhere environment was also hacked. The breach compromised more than three millions of its members’ data. NationBenefits didn’t specify what information was stolen. 

Earlier, mental health care provider Brightline and hospital operator Community Health Systems disclosed that their GoAnywhere deployments were also breached. Brightline didn’t say how many users were affected. But Community Health Systems disclosed that one million of its patients’ data was compromised.

Fortra published the results of its investigation into the cyberattack in April. At the time, the company stated that it had notified all directly affected customers about the breach. Fortra also issued a series of technical guidelines designed to help organizations improve the security of their GoAnywhere deployments. 

Image: Unsplash