One of the biggest hospital groups in the United States has fallen prey to Chinese cyber-attacks that stole personal information belonging to 4.5 million patients between April and June. Community Health Systems Inc., which runs 206 hospitals across 29 states, is informing its patients that their social security numbers and all subsequent info tied to it – name, telephone number, and address – has been compromised. The affected patient list also includes anyone who was referred for or received services from doctors affiliated with the group in the last five years.
Community Health System Inc. added that no credit card or medical and clinical information was stolen despite the data breach. Nonetheless, the impact of stealing personal information is far graver than that of stealing financial information, which is insured and protected against fraudulent purchases, whereas personal information can be used to open accounts in the person’s name an create a tangle of lies that ruins the person’s credit.
According to Community Health Systems spokeswoman Tomi Galin, the combined expertise of federal law enforcement agencies and the forensics experts from FireEye Inc., have ruled that the methods and techniques used by the hackers bear a close resemblance to prior cyber-attacks stemming from one specific China-based group. FBI remains fairly convinced the offense was committed by an entity connected with the five Chinese military officers indicted earlier in May by the U.S. grand jury on charges of hacking U.S. companies to steal trade secrets.
Investigators have advised Community Health Systems that the hackers were not interested in personal information inasmuch as valuable intellectual property such as medical devices and equipment development data. The FBI has continuously warned the health care industry its security standards are extremely lax, making them a prime target for hackers looking to score patients’ bank details.
8.20.14 UPDATE : David Kennedy, chief executive of TrustSec, informed the Bloomberg news agency that three inside sources with the ongoing investigation have confirmed that the data leak was attributed to the Heartbleed bug.
Source BBC/Reuters
Learn more about Electronic Products Magazine