4.5 Million Patient IDs Compromised in Hospital Hack

August 19, 2014 – 4:55 AM

One of the country’s biggest hospital operators, Community Health Systems, on Monday announced that its computer network was the “target of an external, criminal cyber attack” which saw the compromise of patient identification data for “approximately 4.5 million individuals.”

The attacker or attackers are believed to have originated in China, according to Community Health Systems and its IT security contractor, Mandiant.

Community Health Systems, which operates more than 200 hospitals in the United States, revealed the breach in a Form 8-K filing with the U.S. Securities and Exchange Commission.

The hack of the computer network occurred in July, the publicly traded company said. Data stolen in the breach “did not include patient credit card, medical, or clinical information,” Community Health Systems said, but did include “patient names, addresses, birthdates, telephone numbers, and social security numbers,” which are protected under the Health Insurance Portability and Accountability Act (HIPAA).

Community Health Systems said Mandiant, serving as the company’s forensic expert for the breach, believed “the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the company’s systems.”


You must be logged in to post a comment.