Chinese hackers steal data from 4.5 million hospital patients

Summary:Community Health Systems, a US chain of more than 200 hospitals, said patient information such as names, addresses and social security numbers were stolen in the attack.

security-lock-abstract-620x202

The US hospital network Community Health Systems confirmed in an SEC regulatory filing Monday that its computer network was the target of an external, criminal cyberattack.

The breach, which is believed to have originated from a Chinese hacker ring, resulted in stolen personal data from nearly 4.5 million patients who were treated within the hospital chain over the last five years.

In the filing, the hospital company said the attacker was an Advanced Persistant Threat group using highly sophisticated malware to gain entry into its computer network. 

The attacker copied and transferred non-medical patient identification data that is protected under the Health Insurance Portability and Accountability Act, such as patient names, addresses, birthdates, telephone numbers and social security numbers.

Community Health Systems stressed that no patient credit card data was stolen, nor were any clinical or medical records. The attackers also failed to retrieve any sensitive intellectual property data, which is what the hospital company said this particular hacker ring typically goes after.

Since learning of the attack, the hospital chain said it's been working both with federal law enforcement authorities and the forensic security company Mandiant, with the latter helping the company work through remediation efforts and eradicate the malware from its system. 

The healthcare industry has frequently been criticized for poor security practices in recent months. In April, the FBI issued a warning to healthcare providers regarding potential security weaknesses, and several security reports have highlighted the same threats.

According to a recent  report from BitSight Technologies , healthcare and pharmaceutical companies have the lowest security performances when compared to the finance, utility and retail sectors. Given the lasting repercussions from Target's security debacle, that's saying something. 

More:

Topics: Security

About

Natalie Gagliordi is a staff writer for CBS Interactive based in Louisville, Kentucky, covering business technology for ZDNet. She previously worked as the editor of Kiosk Marketplace, an online B2B trade publication that focused on interactive self-service technology, while also contributing to additional websites that covered retail tec... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.