According to a July 2014 regulatory filing, Community Health Systems (CHS), who operates over 200 hospitals in 28 states, disclosed that its computer network was compromised by a criminal cyber attack that the they believe occurred in April and June, 2014.
The breach is believed to have compromised sensitive patient identification information leaving approximately 4.5 million patients and customers of CHS at risk of identity theft and financial fraud.
CHS and its forensic expert, Mandiant, believe the attacker was an “Advanced Persistent Threat” group originating from China. The attacker was able to bypass the company’s security measures and successfully copy and exfiltrate data outside the company.
CHS believes it has removed the attacker’s malware from its systems. They have also completed other remediation efforts designed to protect against future intrusions of this type. CHS patients and customers at risk of identity theft should monitor the credit and banking statements for indications of fraud.
US Homeland Security announced this week they are working together with the FBI and the Department of Health and Human Services to assist in sharing specific vulnerabilities and mitigations with the healthcare industry to prevent similar breaches from occurring in the future.