Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Community Health Systems admits breach, 4.5 million patients affected

Community Health Systems admits breach, 4.5 million patients affected
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Aug 18, 2014, 06:34 PM
Today, in a filing with the United States Securities and Exchange Commission (SEC), medical services provider Community Health Systems (CHS) revealed that it was the victim of a cyber attack that spanned a three-month period. According to the filing information, personal information from around 4.5 million patients was stolen, including Social Security numbers.

The company believes that the attack started in April and ran until June, but didn't give specific dates in the SEC document. According to the filing, the party responsible for the attack on the company's computer systems is believed to be a "Advanced Persistent Threat" group out of China. The group used "highly-sophisticated malware and technology" to carry out the attack. CHS learned of the attack source after it brought on Mandiant, a subsidiary of FireEye, to look into a possible breach.

While CHS has been working with Mandiant and federal law enforcement, the damage is found to be quite widespread. Typically, the hacking group involved seeks information regarding intellectual property, but evidence was found that the data stolen consisted of "non-medical patient identification data relating to the company's physician practice operations."

Patients that have dealt with CHS, which is one of the largest hospital operators in the United States, in the last five years are said to be affected. This includes any patients that received services or were referred to affiliated doctors. Currently, there are 206 hospitals in the network, across 29 states. The breach marks the largest theft from the healthcare industry since the attack on the Montana Department of Public Health in 2009.

Information that was stolen from for the approximately 4.5 million patients consisted of data that would generally be protected under the Health Insurance Portability and Accountability Act (HIPAA). CHS states that the information includes "patient names, addresses, birthdates, telephone numbers and Social Security numbers." However, no medical or clinical information was obtained, nor were any credit card numbers or other payment data involved.

CHS indicates that they are looking to prosecute the responsible parties, but if the attackers are confirmed to be in China, it's highly unlikely that anything would happen. The United States and China have a strained relationship when it comes to hacking and espionage, especially when demands are made for legal action.

Identity theft services are being offered to the patients affected by the data theft. CHS has already started notifying patients and other regulatory agencies.
( Last edited by NewsPoster; Aug 21, 2014 at 04:11 AM. )
Jeff Simpson
Fresh-Faced Recruit
Join Date: Feb 2007
Status: Offline
Reply With Quote
Aug 18, 2014, 09:12 PM
Forum Regular
Join Date: Apr 2008
Location: Vancouver, Canada
Status: Offline
Reply With Quote
Aug 18, 2014, 09:16 PM
The headline should say "patients" instead of "patents" :-)
Jordan Anderson
Fresh-Faced Recruit
Join Date: Jun 2014
Status: Offline
Reply With Quote
Aug 18, 2014, 10:03 PM
That it should. Thanks folks.
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Privacy Policy
All times are GMT -4. The time now is 09:28 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,