View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 19, 2014

Why security is pondering over hacking of US medical group

Chinese APT group thought to be behind breach affecting 4.5 million.

By Jimmy Nicholls

A mass hack affecting 4.5 million patients of Community Health Systems [CHS] has prompted speculation over hackers’ motives from the security sector.

Names, addresses, birthdates, telephone numbers and social security numbers were taken from the American company using complex malware in a breach spanning five years’ worth of data.

Jerome Segura, senior security researcher at security firm Malwarebytes, said: "While the number is astonishing and makes it one of the largest breaches in the medical field, it may not have been the perpetrators’ actual goal.

"If the group behind this was one of the suspected hacking units from China, their motive generally is the theft of intellectual property [IP]."

Security firm Mandiant, which investigated the breach, believes that an advanced persistent threat (APT) group from China was behind the breach, and confirmed that IP is the usual target in the suspected intruder.

However in this case medical device and equipment data appears not to have been affected, and neither has payment information, according to CHS.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Segura added that the medical sector was particularly vulnerable to attacks circumventing traditional security through social engineering, and was relying on liability insurance to cover themselves.

CHS confirmed that it does carry such insurance, and will be offering identity theft services to those affected in the attack.

Charles Sweeney, chief executive at security firm Bloxx, warned against firms becoming complacent about the loss of personal data.

"As we hurtle towards a more connected future with the new world of big data, it is worrying that even with the personal information stolen in this data breach a hacker could set up a mobile phone or apply for a credit card in my name and potentially damage my credit rating," he said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.