BreachExchange mailing list archives

Community Health Systems: 4.5M records compromised


From: Richard Forno <rforno () infowarrior org>
Date: Mon, 18 Aug 2014 10:08:28 -0400


Community Health Systems says personal data stolen in cyber attack

Mon Aug 18, 2014 9:32am EDT

http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818

(Reuters) - U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names 
and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June.

The company said the data, considered protected under the Health Insurance Portability and Accountability Act, included 
patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit 
card or medical information, Community Health Systems said in a regulatory filing.

It said the security breach had affected about 4.5 million people who were referred for or received services from 
doctors affiliated with the hospital group in the last five years.

The FBI warned healthcare providers in April that their cybersecurity systems were lax compared to other sectors, 
making them vulnerable to hackers looking for details that could be used to access bank accounts or obtain 
prescriptions, Reuters previously reported. [ID:nL6N0NF4VL]

The company said it and its security contractor, FireEye Inc unit Mandiant, believed the attackers originated from 
China. They did not provide further information about why they believed this was the case. They said they used malware 
and other technology to copy and transfer this data and information from its system.

Community Health, which is one of the largest hospital operators in the country with 206 hospitals in 29 states, said 
it was working with federal law enforcement authorities in connection with their investigation into the attack. It said 
federal authorities said these attacks are typically aimed at gathering intellectual property, such as medical device 
and equipment development data.

It said that prior to filing the regulatory document, it had eradicated the malware from its systems and finalized the 
implementation of remediation efforts. It is notifying patients and regulatory agencies as required by law, it said.

It also said it is insured against such losses and does not at this time expect a material adverse effect on financial 
results.

(Reporting by Caroline Humer and Shailesh Kuber; Editing by Joyjeet Das, Lisa Von Ahn and Chizu Nomiyama)
---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/