US Healthcare Provider Hacked, 4.5 Million Patient Records Stolen

Community Health Systems (CHS), a major US operator of general hospital healthcare, has lost patient records of 4.5 million people in a hacker attack.

According to Reuters, data stolen in the breach included names, addresses, birth dates, telephone numbers and Social Security numbers. No financial data or medical information was compromised.

CHS said the digital forensics work conducted by the law enforcement agencies and security specialist Mandiant, a subsidiary of FireEye, suggests that the attack originated from China.

The question of value

CHS is a Fortune 500 company based in Nashville, Tennessee. Through its affiliates it owns, leases or operates 206 hospitals in 29 states, employing more than 135,000 people.

The attack was likely carried out between April and June and affects 4.5 million people who received medical services from the company in the past five years.

Mandiant reported that “the methods and techniques” used in the attack were similar to those employed by a notable hacker group in China. The company refused to name the group or disclose whether it has links to the Chinese state. It did say that this group is usually interested in valuable intellectual property, not personal data.

FBI told Reuters it is investigating the case, but didn’t elaborate further.

CHS said it removed the malware from its systems and is currently notifying the affected patients, as required by law. It added that the company is insured against data loss and the breach shouldn’t have an impact on its financial results.

Just like other recent victims of high-profile data breaches – Target and more recently, US retail chain SuperValu – CHS will offer free identity theft protection services to affected customers.

In April, the FBI warned US healthcare providers that their cybersecurity systems were lax compared with other sectors. The agency said that medical records were actually more valuable to cyber criminals than credit card numbers since they could be used to gain access to a bank account or obtain prescriptions for controlled substances.

“From a consumer standpoint this is the worst type of breach. When financial data is stolen, such as when credit card numbers are stolen from retailers, the retailer and card issuers are hit with the fraudulent charges and the costs for generating new cards but when personal information is stolen –  name, address, phone number, birth dates, and social security number – it impacts the person and not a company,” commented Lamar Bailey, director of security R&D at Tripwire.

“This is the information needed for identity theft to allow criminals to open accounts in the names of the 4.5 million victims. The other concern is that this data can be used on the black market to create new identities for scores of criminals and terrorists. Anyone affected by this breach should freeze their credit immediately to stop new credit accounts from being open without their consent.”

What do you do when tech fails? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago