CYBERCRIME | Chinese hackers steal data for 4.5m patients from US hospital group

iHRGgHBSgY6QChinese hackers stole social security numbers, names and addresses from 4.5 million patients of Community Health Systems Inc., the second-biggest for-profit U.S. hospital chain, according to the company.
The attacks occurred in April and June, the Franklin, Tennessee-based company said Monday in a U.S. regulatory filing. The hacker group originated from China and bypassed the company’s security system, making off with non-medical information from people who visited doctors’ offices associated with the company.
“Unfortunately, we have joined numerous American companies and institutions who have been victimized by highly sophisticated, criminal cyber-attacks originating out of China,” Tomi Galin, a spokeswoman for Community Health, said in an e-mail. “Importantly, no patient medical or financial information was transferred as a result of this intrusion.”
Community Health is among several companies that have reported similar breaches. Supervalu Inc., a U.S. supermarket chain, said Aug. 15 that it suffered an attack that exposed customers’ credit- and debit-card information. The retailer Target Corp. was breached last year by Eastern European hackers who stole credit card numbers and other personal data from at least 70 million customers in one of the biggest retail hacking incidents in U.S. history.
The company could have done a better job safeguarding the data, said one electronic security expert. “There is no indication that this data was encrypted, which creates further challenges for the organization and the patients impacted,” JD Sherry, vice president for network security company Trend Micro Inc., said in an e-mail.
Community Health said it hired electronic forensics specialist Mandiant Corp., a subsidiary of FireEye Inc., to investigate the incident and suggest security improvements. The hospital operator also working with the U.S. Federal Bureau of Investigation.
“We understand the significance of this and other recently announced cyber-intrusions by state actors and other cybercriminals and are committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators,” FBI spokesman Joshua Campbell said in an e-mail.
Federal authorities and security experts have been tracking the Chinese state-sponsored group they believe is responsible for the breach over a period of several years. This is the first time the group has been linked to the theft of the kind of personal data in which cybercriminals specialize, according to a person familiar with the investigation. Bloomberg

Cynthia Koons
and Michael Riley
Categories World