Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information of about 4.5 million patients at hospitals operated by Tennessee-based Community Health Systems, according to a filing with the U.S. Securities and Exchange Commission. The data, which was stolen in April and June of 2014, affected individuals who had been patients at Community Health hospitals over the last five years, including individuals who were referred for or received services from physicians affiliated with the company.
The company, which controls 206 hospitals, said that the data did not include patient credit card, medical or clinical information. However, the hackers did get their hands on names, addresses, birth dates, telephone and Social Security numbers, Community Health confirmed. That information is considered protected by the Health Insurance Portability and Accountability Act.
Advanced Persistent Threat
The hospital operator said it was working with Mandiant, a forensic company that was acquired by FireEye last year, to identify the attackers and determine how they were able to penetrate Community Health Systems’ network. Mandiant identified the type of attack as an “advanced persistent threat,” indicating that the company was specifically targeted, rather than being the victim of hackers looking for targets of opportunity using infected e-mails or Web sites to phish for victims. Such attacks are notoriously difficult to defend against.
According to Mandiant, the group “used highly sophisticated malware and technology to attack the company’s systems.” Community Health said it is now working with federal law enforcement regarding possible prosecution of the attackers, while Mandiant is helping with remediation efforts.
“The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company,” according to the SEC filing. Community Health also said it is currently working with Mandiant to protect against future attacks of a similar type.
Community Health said it has successfully eradicated all malware associated with the attack from its systems. It is currently in the process of notifying affected individuals and regulatory agencies, and will offer identity theft services to victims.
The China Syndrome
According to FireEye, recent attacks against U.S. companies that had appeared at first to be completely random were in fact part of a coordinated effort by Chinese hackers targeting U.S. corporations for valuable intellectual property. A number of attacks on companies in the technology, financial services and telecommunications industries were conducted using similar tools and attack methods.
However, FireEye has said it remains unclear whether the attacks have all come from one group of hackers. It could be that a single entity has been developing a single set of tools and then distributing them -- and providing the necessary education about the tools -- to multiple groups, or if a number of groups are sharing tools and knowledge. What also remains unclear is what the hackers have been doing with the data they have stolen.
FireEye’s research led the U.S. Department of Justice to indict five Chinese military hackers for computer hacking and military espionage against U.S. targets in the nuclear power, metals and solar industries in May. In the indictment, the U.S. accused the hackers of stealing IP that would be of value to Chinese state-operated entities.
Posted: 2014-08-19 @ 6:23am PT
All the laws and the paperwork I fill out plus millions spent regarding my medical privacy and the records have little protection from hackers? Sounds pretty scary.
Posted: 2014-08-18 @ 4:26pm PT
Now China finally found the Achilles's heel of US: all the American patients.
Next time they may send Chinese police abroad and use "I know where you live and your phone numbers" to extend the red terror to Americans.