Hackers Steal Records on 4.5 Million Patients From Healthcare System
A healthcare system spanning 29 states announced on Monday that cybercriminals operating from China stole information on approximately 4.5 million patients, including names, birth dates, and Social Security numbers.
Community Health Systems, which comprises 206 facilities in the southern and western states, announced the incident in an 8-K filing submitted to the Securities and Exchange Commission (SEC). The data breach likely stems from compromises in April and June of this year, involved sophisticated malware, and is apparently connected to China, the company stated.
“The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company,” CHS said in its 8-K filing. “Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack.”
While attacks against US companies by nation-state attackers—usually with apparent affiliations with China—have become common, the cybercriminals usually seek out intellectual property and sensitive information on business or policy, not personal information on individuals. The stolen information includes patient names, addresses, birth dates, telephone numbers, and Social Security numbers, but not credit-card, medical, or clinical information, the filing stated.
More: Hackers Steal Records on 4.5 Million Patients From Healthcare System