http://online.wsj.com/articles/community-health-systems-says-its-suffered-criminal-cyberattack-1408365259
By ERIN MCCARTHY
The Wall Street Journal
Aug. 18, 2014
Community Health Systems Inc. CYH +1.29% said Monday that its computer
network was a target of an external criminal cyberattack in April and June
that affected data related to some 4.5 million individuals.
The rural hospital operator and cybersecurity firm Mandiant believe the
attacker was an "Advanced Persistent Threat" group originating from China,
it said. The attacker, which used highly sophisticated malware and
technology to attack the company's systems, was able to bypass Community
Health Systems' security measures and to successfully copy and transfer
certain data outside the company, it said.
The company said it is notifying affected patients and regulatory agencies
as required by law. The data transferred, which was nonmedical
patient-identification data related to the company's physician-practice
operations, affected about 4.5 million individuals who were referred for
or received services from company-affiliated physicians during the past
five years. The data includes patient names, addresses, birth dates,
telephone numbers and Social Security numbers, but not patient
credit-card, medical or clinical information. Community Health Systems
said it would offer identity-theft protection services to those affected
by the attack.
The intruder has typically sought valuable intellectual property, such as
medical-device and equipment-development data, according to federal
authorities and Mandiant, Community Health Systems said.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
