A hacker attack believed to have originated in China resulted in the theft of personal details of 4.5 million patients of Community Health Systems Inc, one of the largest hospital groups in the nation. Cyber thieves made off with a treasure trove of personal details, including patient names, addresses, birth dates, telephone numbers, and social security numbers, or pretty much all the necessary info to steal someone's identity.
Those affected include anyone who was referred for or received services from physicians associated with Community Health Systems within the last five years. The hackers didn't make off with credit card, medical, or clinical information, though the data they did steal is considered protected under the Health Insurance Portability and Accountability Act (HIPPA).
"The company and its forensic expert, Mandiant (a FireEye company), believe the attacker was an 'Advanced Persistent Threat' group originating from China who used highly sophisticated malware and technology to attack the company's systems," CHS stated in a regulatory filing. "The attacker was able to bypass the company's security measures and successfully copy and transfer certain data outside the company."
CHS is working with law enforcement authorities, though that comes as little consolation to those affected by the theft. Perhaps of more value is CHS's offering of identity theft protection services.