Community Health Systems, a major US hospital group in the US, yesterday announced that hackers stole approximately 4.5 million records with patient names, addresses, birth data, phone numbers and Social Security numbers. With 206 hospitals in over 29 states, Community Health Systems reported that hackers used “sophisticated malware” to attack the organisations security system to copy and transfer hospital data. The attack is believed to have originated in China between April and June this year.
Community Health Systems stressed that credit card details and medical information were not stolen. However, as Lamar Bailey, director of security research and development at Tripwire, notes,
“When financial data is stolen, such as when credit card numbers are stolen from retailers, the retailer and card issuers are hit with the fraudulent charges and the costs for generating new cards.”
“But when personal information is stolen – name, address, phone number, birthdates, and social security number – it impacts the person and not a company.”
“This is the information needed for identity theft to allow criminals to open accounts in the names of the 4.5 million victims.”
The announcement of the breach comes after a number of recent breaches that have left US citizens subject to identity theft and credit card fraud. The U.S. Investigation Services (USIS), the main U.S. government contractor, reported an attack earlier this month on its corporate network. Similarly, this year saw the largest retail hack in U.S. history when Target’s systems were hacked, resulting in 110 million bank card numbers being stolen.
Commentators have suggested that these attacks will only continue to rise as hackers become more sophisticated in their methods. As Karen Weise notes in BusinessWeek on the graph (left), “The red line shows that hackers have gotten faster at breaking in doing their deeds, while the blue line shows defenders aren’t keeping up.“
Read more here
(Image Credit: Cory Doctorow)