Data from 4.5m U.S. hospital patients stolen in Chinese cyber attack

One of the biggest U.S. hospital operators, Community Health Systems Inc, said it suspected personal data of about 4.5 million clients were stolen by Chinese hackers from its computer network. The company and its security contractors Mandiant, a unit of FireEye Inc, believes the attack occurred in April and June, Community Health Systems said in a regulatory filing. Security experts said the hacking group, known as “APT 18,” may have links to the Chinese government. “APT 18” typically targets companies in the aerospace and defense, construction and engineering, technology, financial services and healthcare industry, said Charles Carmakal, managing director with FireEye Inc’s Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.

They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected.

Charles Carmakal, managing director with FireEye Inc’s Mandiant forensics unit

The information stolen from Community Health included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing. The attack is the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009.