Chinese hackers stole 4.5 million patients’ names, Social Security numbers and other personal data from the computers of one of the country’s largest hospital chains, the company said Monday – the biggest reported cyberattack ever on a U.S. health care company.
Community Health Services and its forensic expert, Mandiant, believe the attacker was an “advanced persistent threat” group from China that used highly sophisticated malware and technology, according to a filing with the Securities and Exchange Commission.
The data stolen in April and June also included patients’ addresses, birth dates and phone numbers. The thieves did not swipe credit card numbers or medical information.
Social Security numbers and other personal data are a gold mine to hackers, who can sell them to black market criminals for use in financial fraud. Complete health care records are even more valuable, bringing up to $316 per record, security experts say. The Chinese hackers may have been blocked by encryption from getting medical records during the attack, according to the experts.
Community Health Services is notifying patients and regulatory agencies as required by law, the company said in the filing. It is insured against related losses and “does not at this time expect a material adverse effect on financial results.”
The Chinese group identified in the theft typically targets intellectual property, such as medical device and equipment development data, Community Health said. Whether the hospital chain was targeted for some particular reason or became victim of an opportunistic attack based on the discovery of a vulnerable data system is unclear.
Read more at POLITICO.