HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 7 MINUTES AGO.
You are here: Home / Network Security / Chinese Hackers Steal Patient Data
BMC IT solutions:
IT products & services for the ultimate competitive business advantage.
BMC.com
Chinese Hackers Nab Info on Millions of U.S. Patients
Chinese Hackers Nab Info on Millions of U.S. Patients
By Jef Cozza / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
18
2014



A group of Chinese hackers has stolen the personal information of about 4.5 million patients at hospitals operated by Tennessee-based Community Health Systems, according to a filing with the U.S. Securities and Exchange Commission. The data, which was stolen in April and June of 2014, affected individuals who had been patients at Community Health hospitals over the last five years, including individuals who were referred for or received services from physicians affiliated with the company.

The company, which controls 206 hospitals, said that the data did not include patient credit card, medical or clinical information. However, the hackers did get their hands on names, addresses, birth dates, telephone and Social Security numbers, Community Health confirmed. That information is considered protected by the Health Insurance Portability and Accountability Act.

Advanced Persistent Threat

The hospital operator said it was working with Mandiant, a forensic security company that was acquired by FireEye last year, to identify the attackers and determine how they were able to penetrate Community Health Systems’ network. Mandiant identified the type of attack as an “advanced persistent threat,” indicating that the company was specifically targeted, rather than being the victim of hackers looking for targets of opportunity using infected e-mails or Web sites to phish for victims. Such attacks are notoriously difficult to defend against.

According to Mandiant, the group “used highly sophisticated malware and technology to attack the company’s systems.” Community Health said it is now working with federal law enforcement regarding possible prosecution of the attackers, while Mandiant is helping with remediation efforts.

“The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company,” according to the SEC filing. Community Health also said it is currently working with Mandiant to protect against future attacks of a similar type.

Community Health said it has successfully eradicated all malware associated with the attack from its systems. It is currently in the process of notifying affected individuals and regulatory agencies, and will offer identity theft protection services to victims.

The China Syndrome

According to FireEye, recent attacks against U.S. companies that had appeared at first to be completely random were in fact part of a coordinated effort by Chinese hackers targeting U.S. corporations for valuable intellectual property. A number of attacks on companies in the technology, financial services and telecommunications industries were conducted using similar tools and attack methods.

However, FireEye has said it remains unclear whether the attacks have all come from one group of hackers. It could be that a single entity has been developing a single set of tools and then distributing them -- and providing the necessary education about the tools -- to multiple groups, or if a number of groups are sharing tools and knowledge. What also remains unclear is what the hackers have been doing with the data they have stolen.

FireEye’s research led the U.S. Department of Justice to indict five Chinese military hackers for computer hacking and military espionage against U.S. targets in the nuclear power, metals and solar industries in May. In the indictment, the U.S. accused the hackers of stealing IP that would be of value to Chinese state-operated entities.

Tell Us What You Think
Comment:

Name:

Aimee:
Posted: 2014-08-19 @ 6:23am PT
All the laws and the paperwork I fill out plus millions spent regarding my medical privacy and the records have little protection from hackers? Sounds pretty scary.

White Sue:
Posted: 2014-08-18 @ 4:26pm PT
Now China finally found the Achilles's heel of US: all the American patients.

Next time they may send Chinese police abroad and use "I know where you live and your phone numbers" to extend the red terror to Americans.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

MOBILE TECHNOLOGY SPOTLIGHT
In its bid for the wearables market, Sony is reportedly developing a watch made out of electronic paper for release as soon as next year. The e-paper watch will emphasize style over tech innovations.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.