Community Health Systems data hack hits 4.5 million

Stethoscope Community Health Systems has 206 hospitals across the US

Related Stories

A major US hospital group said it was the victim of a cyber-attack resulting in the theft of 4.5 million people's personal data.

The attack, which Community Health Systems believed originated in China, happened in April and June this year.

The data included patient names, addresses, birthdates, telephone numbers and social security numbers.

The firm, which runs 206 hospitals in 29 states, is now in the process of notifying affected patients.

One security expert warned that the data could be used to steal people's identity.

The FBI confirmed to news agency Reuters that it was investigating the breach.

Community Health Systems stressed that it believed no medical or credit card records were taken.

News of the attack follows several warnings, from both law enforcement and security experts, that medical equipment is at risk from hack attacks due to poor security measures.

Community Health Systems said security group Mandiant, part of FireEye, advised the company that the techniques used were similar to those used by a well-known Chinese hacking group.

However, both Community Health Systems and Mandiant declined to elaborate on the identity of the group - nor would they say whether they believed the hackers were working on behalf of the Chinese government.

Personal impact

Lamar Bailey, director of security research and development at cybersecurity firm Tripwire, said the fact medical records and credit card details were not stolen will be of little comfort to those affected.

"When financial data is stolen, such as when credit card numbers are stolen from retailers, the retailer and card issuers are hit with the fraudulent charges and the costs for generating new cards.

"But when personal information is stolen - name, address, phone number, birthdates, and social security number - it impacts the person and not a company.

"This is the information needed for identity theft to allow criminals to open accounts in the names of the 4.5 million victims."

In May, the US charged five Chinese military officers over claims they were behind hacks on US companies. The officers denied the charges, and the Chinese government said the action was "groundless" and represented "US distrust".

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

BBC Future

Digitised dollar bill

Surprising way to get rich online

Reddit founder’s new money-making scheme Read more...

Programmes

  • The Audi RS7Click Watch

    Tech news review of the week including a speed record for a self-driving car

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.