Phishing: 4.5 million Community Health patient records stolen



(Reuters) - Community Health Systems Inc, one of the biggest U.S. hospital groups, said it was the victim of a cyber attack that originated in China, resulting in the theft of personal data belonging to 4.5 million patients in April and June. Community Health, which has 206 hospitals in 29 states, said it has removed the malware from its systems and completed other remediation steps. It is now notifying patients and regulatory agencies as required by law.

The stolen information included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred for or received services from doctors affiliated with the hospital group in the last five years, it said in a regulatory filing on Monday.

Tomi Galin, the company's spokesperson, said the company believes the attack originated from China because federal law enforcement and forensics experts with FireEye Inc unit Mandiant had told it that "the methods and techniques" employed by the hackers were consistent with a particular group of hackers operating in China. This means spear-phishing attacks that use social engineering tricks to compromise a workstation, which then opens the door to the attackers.

The company's filing said that the stolen data did not include credit card numbers or medical or clinical information, though the types of personal information stolen were still covered by the U.S. government's Health Insurance Portability and Accountability Act (HIPAA).

Effective security awareness training would have stopped this attack in its tracks. Wait until the class action lawsuits start, and they will...



