'Chinese crims' snatch 4.5 MILLION patient files from US hospitals

Don't worry, says Community Health Systems, we're insured


One of the largest healthcare providers in the US claims Chinese hackers ran riot through its systems between April and June this year – accessing names, addresses and social security numbers of millions of patients.

But Community Health Systems (CHS) insists no medical records nor any financial data were grabbed by the miscreants. The biz oversees 206 hospitals in 29 states across America.

"Unfortunately, we have joined numerous American companies and institutions who have been victimized by highly sophisticated, criminal cyber-attacks originating out of China," CHS spokesperson Tomi Galin told The Register in a statement today.

"We worked quickly to identify and eradicate the intruder and we are also working closely with federal law enforcement authorities as they pursue the criminals responsible. While we did have security measures in place to protect our computer network and electronically stored information, this attacker used very sophisticated methods to bypass security systems.

"Importantly, no patient medical or financial information was transferred as a result of this intrusion. The company carries cyber and privacy liability insurance. We do not believe this incident will have a material adverse effect on our business or financial results."

According to an 8K filing [PDF] to US financial watchdog the Securities and Exchange Commission, the attackers were trying to get hold of medical device and equipment development data, but were prevented from grabbing it by the security systems the Fortune 500 company had in place.

What the hackers did get hold of was 4.5 million records detailing the names, addresses, birth dates, telephone numbers and social security numbers of patients who have used the hospital chain during the past five years. According to the filed paperwork:

The company and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the company’s systems. The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company.

All affected citizens are now being contacted, the hospital group said, and identity theft protection will be offered to those who are targeted from the data swiped from its servers. Since the hospital is insured against such attacks, the financial effects should be minimal, the 8K filing states, but that hasn't impressed some in the security industry.

"The unfortunate reality is that most (but not all) of the healthcare providers have little concern for nor have they invested in IT security. There is no incentive for them to invest, nor is there any material consequence of their failure to protect their infrastructure," said Philip Lieberman, president of password and identity management biz Lieberman Software.

"The funny postscript to this article is that Community Health's stock was up 48 cents at $51.48 in late-morning trading on the New York Stock Exchange, which could be translated to say that a data breach is good for the shareholders. That is how sick IT security is at health care providers."

Last year the Office of National Counterintelligence warned Congress that Chinese hackers and other miscreants are targeting American healthcare companies to get intellectual property pertaining to new drugs and medical equipment. It now appears those warnings were more accurate than first thought. ®


Other stories you might like

  • Former chip research professor jailed for not disclosing Chinese patents
    This is how Beijing illegally accesses US tech, say Feds

    The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.

    Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.

    At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.

    Continue reading
  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading
  • Whatever hit the Moon in March, it left this weird double crater
    NASA probe reveals strange hole created by suspected Chinese junk

    Pic When space junk crashed into the Moon earlier this year, it made not one but two craters on the lunar surface, judging from images revealed by NASA on Friday.

    Astronomers predicted a mysterious object would hit the Moon on March 4 after tracking the debris for months. The object was large, and believed to be a spent rocket booster from the Chinese National Space Administration's Long March 3C vehicle that launched the Chang'e 5-T1 spacecraft in 2014.

    The details are fuzzy. Space agencies tend to monitor junk closer to home, and don't really keep an eye on what might be littering other planetary objects. It was difficult to confirm the nature of the crash; experts reckoned it would probably leave behind a crater. Now, NASA's Lunar Reconnaissance Orbiter (LRO) has spied telltale signs of an impact at the surface. Pictures taken by the probe reveal an odd hole shaped like a peanut shell on the surface of the Moon, presumably caused by the Chinese junk.

    Continue reading
  • Beijing-backed attackers use ransomware as a decoy while they conduct espionage
    They're not lying when they say 'We stole your data' – the lie is about which data they lifted

    A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Secureworks.

    The China-backed group, which Secureworks labels Bronze Starlight, has been active since mid-2021. It uses an HUI loader to install ransomware, such as LockFile, AtomSilo, Rook, Night Sky and Pandora. But cybersecurity firm Secureworks asserts that ransomware is probably just a distraction from the true intent: cyber espionage.

    "The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group," the company argues.

    Continue reading

Biting the hand that feeds IT © 1998–2022