Chinese Cyberattack Steals 4.5 Million Patients’ Data From Hospital Records
Purloined information includes Social Security numbers
Community Health Systems Inc., one of the largest U.S. hospital groups, has reported that it was the target of a cyber attack from China, resulting in the theft of personal data belonging to 4.5 million patients.
Security experts said that the hacking group, known as “APT 18,” may have links to the Chinese government.
The stolen information included the names, addresses, birth dates, telephone numbers, and Social Security numbers of people who were referred to or received services from doctors affiliated with the hospital group during the last 5 years.
In April, the FBI warned the health care industry that its protections were lax compared with other business sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or to obtain prescriptions.
In addition to the health care industry, “APT 18” typically targets aerospace, defense, construction, engineering, technology, and financial services companies. Chinese hacking groups are known for seeking intellectual property, such as product design, or information that might be useful in business or political negotiations.
Community Health reported that it has removed the attackers’ malicious software from its systems and has completed other remediation steps.
Source: Reuters; August 18, 2014.