Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Cybercrime / Chinese Hackers Steal Patient Data
Chinese Hackers Nab Info on Millions of U.S. Patients
Chinese Hackers Nab Info on Millions of U.S. Patients
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
A group of Chinese hackers has stolen the personal information of about 4.5 million patients at hospitals operated by Tennessee-based Community Health Systems, according to a filing with the U.S. Securities and Exchange Commission. The data, which was stolen in April and June of 2014, affected individuals who had been patients at Community Health hospitals over the last five years, including individuals who were referred for or received services from physicians affiliated with the company.

The company, which controls 206 hospitals, said that the data did not include patient credit card, medical or clinical information. However, the hackers did get their hands on names, addresses, birth dates, telephone and Social Security numbers, Community Health confirmed. That information is considered protected by the Health Insurance Portability and Accountability Act.

Advanced Persistent Threat

The hospital operator said it was working with Mandiant, a forensic security company that was acquired by FireEye last year, to identify the attackers and determine how they were able to penetrate Community Health Systems’ network. Mandiant identified the type of attack as an “advanced persistent threat,” indicating that the company was specifically targeted, rather than being the victim of hackers looking for targets of opportunity using infected e-mails or Web sites to phish for victims. Such attacks are notoriously difficult to defend against.

According to Mandiant, the group “used highly sophisticated malware and technology to attack the company’s systems.” Community Health said it is now working with federal law enforcement regarding possible prosecution of the attackers, while Mandiant is helping with remediation efforts.

“The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company,” according to the SEC filing. Community Health also said it is currently working with Mandiant to protect against future attacks of a similar type.

Community Health said it has successfully eradicated all malware associated with the attack from its systems. It is currently in the process of notifying affected individuals and regulatory agencies, and will offer identity theft protection services to victims.

The China Syndrome

According to FireEye, recent attacks against U.S. companies that had appeared at first to be completely random were in fact part of a coordinated effort by Chinese hackers targeting U.S. corporations for valuable intellectual property. A number of attacks on companies in the technology, financial services and telecommunications industries were conducted using similar tools and attack methods.

However, FireEye has said it remains unclear whether the attacks have all come from one group of hackers. It could be that a single entity has been developing a single set of tools and then distributing them -- and providing the necessary education about the tools -- to multiple groups, or if a number of groups are sharing tools and knowledge. What also remains unclear is what the hackers have been doing with the data they have stolen.

FireEye’s research led the U.S. Department of Justice to indict five Chinese military hackers for computer hacking and military espionage against U.S. targets in the nuclear power, metals and solar industries in May. In the indictment, the U.S. accused the hackers of stealing IP that would be of value to Chinese state-operated entities.

Tell Us What You Think


Posted: 2014-08-19 @ 6:23am PT
All the laws and the paperwork I fill out plus millions spent regarding my medical privacy and the records have little protection from hackers? Sounds pretty scary.

White Sue:
Posted: 2014-08-18 @ 4:26pm PT
Now China finally found the Achilles's heel of US: all the American patients.

Next time they may send Chinese police abroad and use "I know where you live and your phone numbers" to extend the red terror to Americans.

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.