HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 9 MINUTES AGO.
You are here: Home / Enterprise I.T. / Data Stolen from U.S. Health Network
Barium Ferrite (BaFe):
Higher Capacity, Superior Performance, Longer Archival Life
www.thefutureoftape.com
Community Health Systems Hacked, 4.5 Million Patients Affected
Community Health Systems Hacked, 4.5 Million Patients Affected
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
19
2014



One of the largest hospital groups in the U.S. has fallen victim to a cyberattack that gave hackers access to the personal information of 4.5 million patients. The attack reportedly originated in China and led to data leakage in April and June, according to a regulatory filing with the U.S. Securities and Exchange Commission by Community Health Systems

Tennessee-based Community Health Systems is a publicly-traded hospital company that operates acute care hospitals. The company owns, leases or operates 206 affiliated hospitals in 29 states with an aggregate of approximately 31,100 licensed beds.

“The company and its forensic expert, Mandiant (a FireEye company), believe the attacker was an ‘advanced persistent threat’ group originating from China who used highly sophisticated malware and technology to attack the company’s systems,” the filing said. “The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company.”

What Did Hackers Really Get?

Community Health has worked closely with federal law enforcement authorities since it discovered the attack and reports it has “completely eradicated” the malware from its systems and implemented additional layers of security protections to prevent this type of attack in the future.

“The company has been informed by federal authorities and Mandiant that this intruder has typically sought valuable intellectual property, such as medical device and equipment development data,” the filing said. “However, in this instance the data transferred was non-medical patient identification data related to the company’s physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the company.”

According to Community Health, the data did not include patient credit card, medical or clinical information. However, the leaked data is protected under the Health Insurance Portability and Accountability Act. That signals that patient names, addresses, birthdates, telephone numbers and Social Security numbers got into the hands of criminals.

Community Health is notifying affected patients and regulatory agencies and plans, like other organizations that were breached in recent months, to offer identity theft protection services to individuals affected by this attack.

Worst Possible Kind of Breach

We caught up with Lamar Bailey, director of security at security research firm Tripwire, to get his take on the Community Health Systems data breach. He told us from a consumer’s standpoint this is the worst possible kind of breach.

“When financial data such as credit card numbers are stolen, retailers and card issuers ultimately bear the costs,” Baily said. “When personal information is stolen, especially healthcare data because it typically includes name, address, phone number, birth dates, and Social Security number, it impacts consumers directly.”

According to Bailey, the data could be used on the black market to create new identities for criminals and terrorists. He said stolen data can also be used to open new, fraudulent credit accounts.

“Recovering from this kind of identity theft is difficult and can be extremely time consuming,” Bailey said. “Anyone effected by this breach should freeze their credit [immediately] to stop new credit accounts from being opened without their consent.”

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN ENTERPRISE I.T.
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

ENTERPRISE HARDWARE SPOTLIGHT
Doctor Who had K-9, the robot dog that accompanied him on adventures through space. Now, Mountain View has K5, a 5-foot-tall, 300-pound robot security guard patrolling in the Bay Area.

MOBILE TECHNOLOGY SPOTLIGHT
Beleaguered handset maker BlackBerry is targeting iPhone users with an offer the company hopes they can’t refuse -- $550 to leave Apple and switch to the new BlackBerry Passport.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.