Community Health Systems Victim of Cyber Attack

Chinese hackers steal Social Security Numbers and other personal data belonging to approximately 4.5 million patients. Learn how to prevent attacks.

August 25, 2014 by Andreas Krebs

Cyber Attack All Covered

Another week, another cyber-attack to report. This time hospital group Community Health Systems Inc. reported last week that it was the victim of a cyber-attack from China. The hackers stole Social Security Numbers and other personal data belonging to approximately 4.5 million patients. The attack was the largest of its type involving patient information since the U.S. Department of Health and Human Services began tracking such breaches in 2009.

The stolen data included patient names, addresses, birth dates, telephone numbers, and Social Security Numbers of people who were referred, or received, services from doctors associated with the group in the last five years. It has been reported that the breach did not include medical or clinical information.

The team of hackers responsible for the breach belongs to a high-tech group in China that has targeted companies across a variety of industries, including healthcare, according to Charles Carmakal, managing director of FireEye’s forensics unit. This unit led the investigation of the attack in April and June. The Department of Homeland Security said it believed the incident was isolated to Community Health Systems. However, Homeland Security shared the technical details about the attack with other healthcare providers.

The FBI warned the healthcare industry in April that its protection was weak compared to other industries. Ultimately, this weakness has made it vulnerable to hackers in search of details that could be used to access bank accounts or acquire highly sought-after medications.

Preventing Attacks

This is another example of how cyber-attacks have become more prevalent. While many businesses today are aware of cyber security, they may not completely understand how to prevent such an attack. Industries, such as healthcare, can prove to be especially sought-after by hackers due to the high level of personal information within hospitals, surgical centers, health insurance companies, and the like.

In addition to ensuring employees have complex passwords, do not access questionable sites, and keep virus protection up to date, there are other ways to keep a network secure.

  • Assess risks regularly: Cyber-criminals look for businesses with a low level of protection as an entry point to attack larger organizations with which they have a current relationship. Therefore, it is important to assess risks regularly and identify new points of vulnerability. Then build a plan of attack to protect against those vulnerabilities.

  • Limit physical access to network components: Access to a company’s server room should be limited to a small number of individuals who require it. The server room contains the information and infrastructure vital to a company’s success. Therefore, make sure the server room and the components housed within are strictly limited.

  • Employ experts when needed: If an added level of expertise is required, it is worthwhile to bring in an outside agency that can evaluate a company’s current security plan and build an enhanced solution specifically for that business.


 

The All Covered Difference


All Covered is here to work with you to set up, configure and monitor your IT Security to prevent security risks like hackers. Our goal is to protect your company’s data and to ensure you have the ability to recover from a disaster or data loss event quickly and effectively. Contact us today at (866)446-1133 for more information or to schedule a consultation.

CTA