aGameOfThrones
08-18-2014, 02:54 PM
Credit: Reuters/Pawel Kopczynski
A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin May 21, 2013.
Credit: Reuters/Pawel Kopczynski
(Reuters) - Community Health Systems Inc (CYH.N), one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.
That would make the attack the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.
The attackers appear to be from a sophisticated hacking group in China that has breached other major U.S. companies across several industries, said Charles Carmakal, managing director with FireEye Inc's (FEYE.O) Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.
"They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected," he said.
Carmakal and officials with Community Health Systems declined to name the group or say if it was linked to the Chinese government, which U.S. businesses and officials have long accused of orchestrating cyber espionage campaigns around the globe.
In May, a U.S. grand jury indicted five Chinese military officers on charges they hacked into U.S. companies for sensitive manufacturing secrets, the toughest action to date taken by Washington to address cyber spying. China has denied the charges.
FBI spokesman Joshua Campbell said his agency was investigating the case, but declined to elaborate.
The Department of Homeland Security said it believed the incident was isolated to Community Health Systems, although it shared technical details about the attack with other healthcare providers.
An agency official told Reuters it was too soon to confirm who was behind the attack.
“While attribution of this incident is still being determined by a range of partners, we caution against leaping to premature conclusions about who or how many actors are behind these activities,” said the official, who was not authorized to discuss the investigation publicly.
The stolen information included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing. It did not include medical or clinical information.
http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818
A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin May 21, 2013.
Credit: Reuters/Pawel Kopczynski
(Reuters) - Community Health Systems Inc (CYH.N), one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.
That would make the attack the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.
The attackers appear to be from a sophisticated hacking group in China that has breached other major U.S. companies across several industries, said Charles Carmakal, managing director with FireEye Inc's (FEYE.O) Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.
"They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected," he said.
Carmakal and officials with Community Health Systems declined to name the group or say if it was linked to the Chinese government, which U.S. businesses and officials have long accused of orchestrating cyber espionage campaigns around the globe.
In May, a U.S. grand jury indicted five Chinese military officers on charges they hacked into U.S. companies for sensitive manufacturing secrets, the toughest action to date taken by Washington to address cyber spying. China has denied the charges.
FBI spokesman Joshua Campbell said his agency was investigating the case, but declined to elaborate.
The Department of Homeland Security said it believed the incident was isolated to Community Health Systems, although it shared technical details about the attack with other healthcare providers.
An agency official told Reuters it was too soon to confirm who was behind the attack.
“While attribution of this incident is still being determined by a range of partners, we caution against leaping to premature conclusions about who or how many actors are behind these activities,” said the official, who was not authorized to discuss the investigation publicly.
The stolen information included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing. It did not include medical or clinical information.
http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818