TMCnet News

Federal agencies investigating how hacker gained access to patient data [Herald-Journal, Spartanburg, S.C. :: ]
[August 20, 2014]

Federal agencies investigating how hacker gained access to patient data [Herald-Journal, Spartanburg, S.C. :: ]


(Herald-Journal (Spartanburg, SC) Via Acquire Media NewsEdge) Aug. 20--The FBI and other federal agencies are continuing to investigate a cyberattack that hacked personal information from 4.5 million U.S. health patients, including those at Spartanburg-based Mary Black Health System.



Authorities determined in July that Community Health Systems, Inc. was the target of a foreign-based criminal cyberattack in which patients' personal identification information was hacked, Mary Black announced Monday.

Community Health Systems owns Mary Black.


FBI spokesman Josh Campbell said agents are aware of the compromised patient information, and the FBI is a part of "an ongoing investigation" with Community Health Systems to determine the full extent of the incident.

He said the FBI is committing significant resources and efforts to target, disrupt, dismantle and arrest perpetrators behind the health systems cyberattack and other cyberattacks across the country.

No credit card numbers or medical records were hacked, according to a statement from Mary Black, but the cyberattack did confiscate names, addresses, birthdates, telephone numbers and Social Security numbers.

A report filed with the U.S. Securities and Exchange Commission states the attack affected about 4.5 million people who have either received services or been referred to a physician in the health system within the last five years.

Community Health Systems used the Washington, D.C.-based cybersecurity firm Mandiant to investigate the breach, pinpointing what information was compromised and where the attack originated.

Mandiant's investigation with federal authorities determined the hacker intended to find valuable intellectual property, including medical device and equipment development data, according to the Securities and Exchange Commission report.

The report states the attacker was an "advanced persistent threat" group from China.

U.S. Department of Homeland Security is aiding the FBI and U.S. Department of Health and Human Services with the investigation through the National Cybersecurity and Communications Integration Center (NCCIC), said DHS spokesman S.Y. Lee.

Lee said the department has received no information that would indicate the breach extended beyond Community Health Systems' networks.

"NCCIC's U.S. Computer Emergency Readiness Team will continue to monitor this situation as it evolves and remain ready to provide response, support and defense against any potential cyber threats when requested," Lee said in a statement.

Mary Black Memorial Hospital on Skylyn Drive in Spartanburg houses 207 beds for patients.

Community Health Systems owns or operates 206 hospitals in 29 states totaling more than 31,000 beds, according to its website.

Community Health Systems spokeswoman Tomi Galin declined to specify how the security breach was first discovered or provide additional details on what security measures have since been put into place to prevent further attacks.

The report with the Securities and Exchange Commission states that the company eradicated the malware from its computer systems and implemented other efforts to protect against future intrusions.

Mary Black and Community Health Systems have sent letters to patients to notify them of the breach and offer free identity theft protection.

Campbell said patients affected should monitor and safeguard their personal identifiable information and report instances of identity theft to the FBI's Internet Crime Complaint Center at www.ic3.gov.

___ (c)2014 Spartanburg Herald-Journal (Spartanburg, S.C.) Visit the Spartanburg Herald-Journal (Spartanburg, S.C.) at www.GoUpstate.com Distributed by MCT Information Services

[ Back To TMCnet.com's Homepage ]