In a sprawling, ambitious online data breach, attackers have illegally obtained the medical records of some 4.5 million U.S.-based patients. This severe cyber security breach may have originated with nefarious hackers based in China and taken a full three months to fully unfold.
Community Health Systems, a publicly traded company that manages more than 200 hospitals across the United States, disclosed the massive healthcare data breach in a recent regulatory filing. According to reports, the company also said that it is investigating the breach with the help of cyber security firm Mandiant.
Mandiant actually specializes in China-based cyber crimes, and is said to believe that this particular attack originated from a Chinese hacking group known as “APT 18” – a group it has been closely tracking for four years now.
The Washington Post also recently reported on this particular healthcare data breach and claimed that the data stolen from Community Health Systems includes records for patients who have seen doctors within the company’s network over the past five years – encompassing personal data such as names, addresses, birth dates, telephone numbers and social security numbers.
The thoroughly planned and executed attack unfolded between April and June of this year, and Mandiant claims that the group of hackers known as “APT 18” typically targets organizations in industries such as aerospace and defense, construction and healthcare.
For its part, Community Health Systems said that the stolen data didn’t include medical or clinical information, credit card numbers or any sort of intellectual property. According to a Reuters report, Community Health Systems is notifying patients and regulatory agencies alike about the breach, as is required by U.S. law.
In April, the FBI said the healthcare industry is particularly susceptible to cyber security breaches, since its regulations are fairly lax in comparison to many other sectors. It has even been estimated by the Traverse City, Michigan-based Ponemon Institute that cyber security breaches cost healthcare firms close to a staggering $5.6 billion each year.
We previously blogged about another massive IT security breach in the healthcare industry, this one affecting nearly 2,000 recipients of Colorado Medicaid earlier this year.
That particular cyber crime was obviously on a much smaller scale, and was reported to have been perpetrated not by a group of hackers, but by a single “rogue employee” – largely explaining the difference in scale and scope.
But the end results were largely the same. A lot of grief and worry for the impacted patients…and a good bit of blame and shame directed at the healthcare providers who had been entrusted with this confidential patient data.
Of course, data privacy and security worries have always existed, and cyber security breaches will probably always occur, on some scale. That being said, the more variables you can eliminate in the equation, the better off your business and its customers or clients will be.
So in an increasingly unsafe online world, why entrust the cyber security of your business to anything or anybody amateurish?
At Be Different Solutions, you can rest assured that all of our people are not just highly qualified and motivated, but also all based in one of our two U.S.- or Europe-based offices. We believe firmly that having our people work from one central location dramatically improves and promotes strong security, performance and overall accountability.
Drop us a line today and see how we can help protect you and your business from IT security breaches.