Community Health Systems Says It Suffered Criminal Cyberattack

[InfoSec News <alerts () infosecnews org>]

http://online.wsj.com/articles/community-health-systems-says-its-suffered-criminal-cyberattack-1408365259

By ERIN MCCARTHY
The Wall Street Journal
Aug. 18, 2014

Community Health Systems Inc. CYH +1.29% said Monday that its computer 
network was a target of an external criminal cyberattack in April and June 
that affected data related to some 4.5 million individuals.

The rural hospital operator and cybersecurity firm Mandiant believe the 
attacker was an "Advanced Persistent Threat" group originating from China, 
it said. The attacker, which used highly sophisticated malware and 
technology to attack the company's systems, was able to bypass Community 
Health Systems' security measures and to successfully copy and transfer 
certain data outside the company, it said.

The company said it is notifying affected patients and regulatory agencies 
as required by law. The data transferred, which was nonmedical 
patient-identification data related to the company's physician-practice 
operations, affected about 4.5 million individuals who were referred for 
or received services from company-affiliated physicians during the past 
five years. The data includes patient names, addresses, birth dates, 
telephone numbers and Social Security numbers, but not patient 
credit-card, medical or clinical information. Community Health Systems 
said it would offer identity-theft protection services to those affected 
by the attack.

The intruder has typically sought valuable intellectual property, such as 
medical-device and equipment-development data, according to federal 
authorities and Mandiant, Community Health Systems said.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/