Community Health Systems, which operates 206 hospitals across the country, announced Monday that hackers broke into its computers and stole data on 4.5 million patients, including names, Social Security numbers, physical addresses, birthdays and telephone numbers, according to media reports. The breach puts the affected patients at heightened risk of identity fraud.
CHS, which is based in Franklin, Tenn., operates hospitals in 29 states, including Florida, Pennsylvania, Tennessee and Texas, according to its website. The company hired cybersecurity experts at Mandiant, who have determined the cyberattack originated in China and was launched sometime in April and June, according to a CNN Money article.
According to the Chicago Tribune, the theft of personal data belonging to 4.5 million patients would make this attack the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009, when an attack on a Montana Department of Public Health server affected about 1 million people.
The attackers belong to a sophisticated hacking group in China that typically targets companies in the aerospace and defense, construction and engineering, technology, financial services and healthcare industries, Charles Carmakal, managing director with FireEye Inc.'s Mandiant forensics unit, said in the Tribune article.
Mandiant has tracked the group for four years and internally refers to it as APT 18.
"They [the cyberstalkers] have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of time without getting detected," Carmakal said in the article.
During the past six months, Mandiant has seen a spike in cyberattacks on healthcare providers, according to the article.