Home / / US hospital hack sees 4.5m people's data stolen

US hospital hack sees 4.5m people's data stolen

Attack is believed to have been done by hacking group "APT 18" from China

US hospital hack sees 4.5m people's data stolen
The attack is said to be the largest of its type involving patient information since 2009.

A major US hospital group has said it was the victim of a cyber-attack resulting in the theft of 4.5m people's personal data, online media has reported.

The cyber-attack is believed to have been from China, as according to Reuters, security experts said the hacking group, known as "APT 18," may have links to the Chinese government.

"APT 18" typically targets companies in the aerospace and defence, construction and engineering, technology, financial services and healthcare industry, said Charles Carmakal, managing director with FireEye Inc's Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.

"They have fairly advanced techniques for breaking into organisations as well as maintaining access for fairly long periods of times without getting detected," he said.

The information stolen from Community Health included patient names, addresses, birth dates, telephone numbers and social security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing. It did not include medical or clinical information, credit card numbers, or any intellectual property such as data on medical device development, said Community Health, which has 206 hospitals in 29 states.

The attack is said to be the largest of its type involving patient information since a US Department of Health and Human Services website started tracking such breaches in 2009.

Chinese hacking groups are known for seeking intellectual property and social security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.