Community Health says data stolen in cyber attack from China

Community Health says data stolen in cyber attack from China
BY JIM FINKLE AND CAROLINE HUMER
BOSTON/NEW YORK Mon Aug 18, 2014 6:48pm EDT

(Reuters) - Community Health Systems Inc (CYH.N), one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.

Security experts said the hacking group, known as "APT 18," may have links to the Chinese government.

"APT 18" typically targets companies in the aerospace and defense, construction and engineering, technology, financial services and healthcare industry, said Charles Carmakal, managing director with FireEye Inc's (FEYE.O) Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.

"They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected," he said.

The information stolen from Community Health included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing.

The stolen data did not include medical or clinical information, credit card numbers, or any intellectual property such as data on medical device development, said Community Health, which has 206 hospitals in 29 states.

The attack is the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.

Chinese hacking groups are known for seeking intellectual property, such as product design, or information that might be of use in business or political negotiations.

Social Security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.

Over the past six months Mandiant has seen a spike in cyber attacks on healthcare providers, although this was the first case it had seen in which a sophisticated Chinese group has stolen personal data, according to Carmakal. Mandiant monitors about 20 hacking groups in China.

NEW SCRUTINY

Cybersecurity has come under increased scrutiny at healthcare providers this year, both by law enforcement and attackers.

The FBI warned the industry in April that its protections were lax compared with other sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions.

Mandiant has tracked "APT 18" for four years. When asked if the hackers were linked to the Chinese government, Carmakal said it was "a possibility" but declined to elaborate.

Another cybersecurity firm, CrowdStrike, which has also been monitoring "APT 18" for about four years, said it believes the hackers are either backed by Beijing or work directly for the government, based on the targets they have chosen.

CrowdStrike Chief Technology Officer Dmitri Alperovitch said his firm has seen "APT 18" targeting human rights groups and chemical companies.

"They are of above average skill" among Chinese hackers, said Alperovitch, whose company dubbed the group "Dynamite Panda."

The issue of Chinese state-sponsored hacking is highly sensitive. Tensions between Washington and Beijing have grown since May, when a U.S. grand jury indicted five Chinese military officers on charges they hacked into American companies for sensitive manufacturing secrets. China has denied the charges.

FBI spokesman Joshua Campbell said his agency was investigating the Community Health case, but declined to elaborate.

The Department of Homeland Security said it believed the incident was isolated, although it shared technical details about the attack with other healthcare providers. An agency official told Reuters it was too soon to say who was behind the attack.

Community Health said it has removed malicious software used by the attackers from its systems and completed other remediation steps. It is now notifying patients and regulatory agencies, as required by law.

The company said it is insured against such losses and does not at this time expect a material adverse effect on financial results. Community Health's stock rose 66 cents, or 1.3 percent, to close at $51.66 on the New York Stock Exchange on Monday.

(Reporting by Caroline Humer, Jim Finkle and Shailesh Kuber; Editing by Dan Grebler and Tiffany Wu)

http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818


Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more