4.5million people affected by US hospital group data breach
A cyber attack on Community Health Systems Inc. led to the loss personal data such as Social Security numbers, names and addresses of 4.5 million patients.
A sophisticated Chinese hacking group which has breached other major U.S companies previously is thought to be responsible due to the similarity in techniques used. The breach occurred in April and June this year, despite multiple warnings from law enforcement and security experts informing them that their medical equipment is vulnerable to attack.
Community Health Systems officials declined to identify the group responsible or say if the Chinese government was involved. However, no medical records, clinical information or credit card details were taken in the attack.
The firm, which operates 206 hospitals over 29 states, is currently in the process of notifying all affected patients and has removed the malicious software used within its systems. Information such as social security numbers are often stolen to sell on to other criminals, which can then be used in identity theft.
Although the incident is believed to have been isolated to Community Health Systems, it has shared technical details of the attack with other healthcare providers. Warnings from the FBI in April, alongside forensics expert Mandiant’s observations of a spike in cyber attacks in the past six months which target healthcare providers, highlight the dangers and severe consequences of poor security measures.