Hackers hit healthcare network, 4.5M records stolen in data breach

A ring of hackers, possibly from China, have hacked a rural health company with hospitals around the country.

The hackers managed to steal information such as names, addresses, birth dates, telephone numbers and even Social Security numbers. Information from around 4.5 million patients was compromised. No credit card information was stolen.

The hackers used "highly sophisticated malware and technology to attack the company's systems," said the filing with the U.S. Securities and Exchange Commission that revealed the hack at Community Health Systems.

The hack puts user information at a heightened risk of identity theft.

The 206 hospitals affected are located in 28 states, but the largest number of Community Health Systems hospitals are located in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas.

The company has hired security experts at Mandiant who claim the hackers were from China and "able to bypass the company's security measures and successfully copy and transfer certain data outside the company." Mandiant also said the ring used high-end sophisticated malware, and that the hacks took place sometime in April or June of this year.

"We are committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators," says the FBI.

The loss of personal information is protected under the Health Insurance Portability and Accountability Act (HIPAA), meaning state attorneys general and patients could both sue for damages.

The hospital network said it has wiped the malware and installed more protections to prevent similar hacks.

"Hospitals are arguably one of the hardest network environments to secure; their primary focus is on protecting and improving human life, and this often eclipses all other priorities," says Trey Ford, a security strategist at Rapid7.

While shares of the health company did edge a little higher on Monday, the company made an effort to diminish worries about the damages by filing a statement to the SEC which said that it "carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature."

The health company says it plans on offering identity theft protection to the 4.5 million people who had information stolen.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics