Printed from http://www.electronista.com

Community Health Systems admits breach, 4.5 million patients affected

updated 06:34 pm EDT, Mon August 18, 2014

Personal information including social security numbers stolen, no medical information

Today, in a filing with the United States Securities and Exchange Commission (SEC), medical services provider Community Health Systems (CHS) revealed that it was the victim of a cyber attack that spanned a three-month period. According to the filing information, personal information from around 4.5 million patients was stolen, including Social Security numbers.

The company believes that the attack started in April and ran until June, but didn't give specific dates in the SEC document. According to the filing, the party responsible for the attack on the company's computer systems is believed to be a "Advanced Persistent Threat" group out of China. The group used "highly-sophisticated malware and technology" to carry out the attack. CHS learned of the attack source after it brought on Mandiant, a subsidiary of FireEye, to look into a possible breach.

While CHS has been working with Mandiant and federal law enforcement, the damage is found to be quite widespread. Typically, the hacking group involved seeks information regarding intellectual property, but evidence was found that the data stolen consisted of "non-medical patient identification data relating to the company's physician practice operations."

Patients that have dealt with CHS, which is one of the largest hospital operators in the United States, in the last five years are said to be affected. This includes any patients that received services or were referred to affiliated doctors. Currently, there are 206 hospitals in the network, across 29 states. The breach marks the largest theft from the healthcare industry since the attack on the Montana Department of Public Health in 2009.

Information that was stolen from for the approximately 4.5 million patients consisted of data that would generally be protected under the Health Insurance Portability and Accountability Act (HIPAA). CHS states that the information includes "patient names, addresses, birthdates, telephone numbers and Social Security numbers." However, no medical or clinical information was obtained, nor were any credit card numbers or other payment data involved.

CHS indicates that they are looking to prosecute the responsible parties, but if the attackers are confirmed to be in China, it's highly unlikely that anything would happen. The United States and China have a strained relationship when it comes to hacking and espionage, especially when demands are made for legal action.

Identity theft services are being offered to the patients affected by the data theft. CHS has already started notifying patients and other regulatory agencies.



By Electronista Staff
toggle

Comments

  1. Jeff Simpson

    Fresh-Faced Recruit

    Joined: 02-23-07

    PATIENTS maybe?

  1. shawnde

    Fresh-Faced Recruit

    Joined: 04-01-08

    The headline should say "patients" instead of "patents" :-)

  1. Jordan Anderson

    Electronista Staff

    Joined: 06-04-14

    That it should. Thanks folks.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Adesso Compagno X Bluetooth keyboard

The shift from typing on physical keyboards to digital versions on smartphones and tablets hasn't been an easy for many consumers. Fro ...

Sponsor

toggle

Most Commented

 
toggle

Popular News