Hospital network hacked, 4.5 million records stolen

  • 18 August 2014
  • 4 replies
  • 1424 views

Userlevel 7
Badge +56
  • Retired Webrooter
  • 6752 replies
This is a biggie - 206 hospitals across the US:
 

Community Health Systems, which operates 206 hospitals across the United States, announced on Monday that hackers recently broke into its computers and stole data on 4.5 million patients.

Hackers have gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers.
Anyone who received treatment from a physician's office tied to a network-owned hospital in the last five years -- or was merely referred there by an outside doctor -- is affected.
 
Full article here.
 


4 replies

Userlevel 7
Ouch...that is not good at all...on the otherhand just 4.5 million records over 5 years...not very efficient hacking...just a positive 
observation...that it could have been far worse given the timescales involved.
Userlevel 7
The following article is a update on 4.5 million records stolen
(About 4.5M face risk of ID theft after hospital network hacked)
 
By Jaikumar VijayanAugust 18, 2014 03:07 PM ET Community Health Systems says Chinese hackers accessed names, social security numbers and other data of people it treated or referred. Computerworld - About 4.5 million people in 28 states face the risk of identity theft due to a massive data breach at Community Health Systems (CHS) a Franklin, Tenn., based health network.
CHS, which operates over 200 hospitals, disclosed in a regulatory filing Monday that hackers, apparently based out of China,
The hackers successfully bypassed the company's security controls and siphoned out names, Social Security Numbers, addresses, birthdates and phone numbers of people who received or were referred for services by CHS affiliated doctors over the past five years.
 
ComputerWorld/Full Article Here/ http://www.computerworld.com/s/article/9250464/About_4.5M_face_risk_of_ID_theft_after_hospital_network_hacked
 
Userlevel 7
The following article is a update on Hospital network hacked
(Hospitals Increasingly Targets of Malicious Activity: Websense)
 
By Brian Prince on August 19, 2014
 
When Community Health Systems revealed it had been breached, it joined a growing list of healthcare organizations and hospitals that have been hit by attackers.
According to Websense, there has been a significant global spike in malicious activity attempted against hospitals beginning in October 2013. August 2014 has seen a 600 percent increase in such activity compared to the average amount prior to October, according to the firm.
"Healthcare records hold a treasure trove of data that is valuable to an attacker directly, or for resale on the cyber black-market," said Bob Hansmann, director of product marketing at Websense. "Few records are so rich in valuable PII [personally-identifiable information] that can be used in a multitude of different follow-up attacks and fraud.  Health records not only contain vital information on the identity of an individual…but also [are] often linked to bank, credit card, insurance and other financial information."
 
SecurityWeek/ Full Article Here/ http://www.securityweek.com/hospitals-increasingly-targets-malicious-activity-websense
Userlevel 7
The following article is a update on 4.5 million records stolen
(Hospital hack said to be Heartbleed)
 
By  Helen Gaskell Published  August 20, 2014 Hackers who stole the personal data of 4.5m patients of hospital group Community Health Systems Inc, broke into the company's computer system by exploiting the "Heartbleed" internet bug, making it the first known large-scale cyber-attack using the flaw, according to Reuters citing a security expert.
 
David Kennedy, chief executive of TrustedSec LLC, said that multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system.
 


 
 
itp.net / full article here/ http://www.itp.net/599492-hospital-hack-said-to-be-heartbleed

Reply