U.S. News


Chinese Hackers Steal 4.5M U.S. Hospital Patient Records

Information reportedly stolen from hospital patients includes names, addresses, birth dates, telephone numbers, and Social Security numbers.
Posted at 8:02 PM, Aug 18, 2014

As headlines about hacking and potential spying continue to roll in, you may be starting to wonder if anywhere is safe for your personal and financial data.

Back in June, reports revealed you could have put yourself at risk of having your credit card info stolen just by eating dinner at a P.F. Chang’s. (Video via Los Angeles Times

And in December 2013 news broke that more than 100 million customers had their financial data swiped just because they picked up a few items at Target. (Video via Bloomberg)  

Well, now there’s a new place to no longer feel safe — while you’re laid up in a hospital bed.

According to reports Chinese hackers may have stolen the personal data of more than 4.5 million patients of hospitals run by Franklin, Tennessee-based Community Health Systems.

That company operates some 206 hospitals in 29 states — most of those in rural parts of the southeastern U.S.

According to an SEC filing from the company, the information that was stolen includes “non-medical patient identification data related to the Company’s physician practice operations,” from the last five years.

Or, as USA Today reports, “names, addresses, birth dates, telephone numbers, and Social Security Numbers.”

You might notice, that doesn’t include credit card data, or medical history records — and according to Re/code, at this point, the purpose behind the attack is not entirely clear. Which makes it a little different from most hacks.

As Fox Business notes:“The attack is a departure from many recent breaches in which hackers, many of whom reside in Eastern Europe, snag personal information and sell it on the cyber black market.”

But, it’s still perhaps no less dangerous. The BBC quotes the Director of Security Research at cybersecurity firm Tripwire saying, "This is the information needed for identity theft to allow criminals to open accounts in the names of the 4.5 million victims."

After discovering the hack, which reportedly happened between April and June of this year, Community Health Systems hired security firm Mandiant to investigate.

And the company has some experience investigating Chinese hackers. Last year it issued a report on alleged Chinese hacking of U.S. companies by a group known as “Unit 61398” that reportedly went back as far as 2006.

The U.S. Department of Justice has since indicted five members of that group for stealing trade secrets. 

Mandiant is yet to determine if this hack may have been perpetrated by that “Unit 61398,” but did say they believed it was carried out by Chinese hackers. 

Community Health Systems is now reportedly contacting affected patients and offering free identity theft protection.

This video contains an image from powtac / CC BY NC ND 2.0.