In what seems to be one of the largest HIPAA security breaches that has affected the US, information such as names, Social Security numbers, addresses, birthdays and telephone numbers of 4.5 million patients of Community Health Systems has been stolen by online miscreants. Credit card numbers and medical records were not accessed.
On this subject Michael McMillan the CEO of security consulting firm CynergisTek, said in an interview that hospitals are “going to become a bigger and bigger target as the hacking community figures out it’s easier to hack a hospital than it is to hack a bank and you get the same information. I’m not sure healthcare is listening yet.”
Community Health Systems- which is a network of 206 hospitals across 29 states- said in a statement: “Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks.”
The cyber-attack is alleged to have been carried out by a hacking group known as “APT 18” with the intention of selling it to identity thieves for monetary gains. Experts believe that there might also be a link with the Chinese Government. APT 18 has been known to target companies that deal in aerospace, defence, construction, technology, etc.