The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
One of the nation’s largest hospital operators said Monday that hackers from China stole personal information belonging to 4.5 million patients. While the data was pilfered between April and June of this year from Community Health System Inc., anyone who was a patient at an affiliated hospital during the past five years might be a victim, the company said.
Community Health Systems operates 206 hospitals in 29 states. In a filing with the Securities and Exchange Commission, the firm said the computer criminals did not steal “medical or clinical information,” but they did obtain Social Security numbers, names, addresses, birth dates and telephone numbers.
Those are the basic ingredients needed to commit so-called “new account” fraud, often the most troublesome for consumers, and most lucrative for criminals.
The announcement comes after the FBI warned healthcare providers back in April that their security systems were “not as resilient to cyber intrusions compared to the financial and retail sectors,” Reuters reported at the time.
Community Health hired security firm Mandiant to conduct the forensic investigation after it learned of the crime. Mandiant, since acquired by security firm FireEye, made a name for itself last year when it published a blockbuster report identifying “APT1,” an organized ring of Chinese hackers devoted to espionage that Mandiant said was linked to the Chinese Army.
It is not clear whether Mandiant blames this hack on APT1, but Community Health said in its filing that its attackers are known for committing espionage.
“This intruder has typically sought valuable intellectual property, such as medical device and equipment development data,” the firm said. “However, in this instance the data transferred was non-medical patient identification data related to the Company’s physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the Company. ”
Hackers used “highly sophisticated malware and technology” to deploy an advanced persistent threat, the firm said. As opposed to a hit-and-run attack, APTs, as the security community calls them, refer to a hacker strategy involving tools that are used to infiltrate computer networks, then remain hidden for weeks, months or even years, slowly siphoning off data or intelligence.
While medical information was not stolen, the personal information pilfered is considered protected under the Health Insurance Portability and Accountability Act (HIPAA). The hospital chain said it will notify impacted consumers.
If this particular breach or any recent-high profile data leak affected you — and as more and more consumer data gets stolen in data breaches, it’s likely you’ll be affected at some point – it’s important to make a habit of checking your credit. When hackers steal data that can be used to open new accounts (like SSNs and birth dates), you need to be especially vigilant about checking for fraudulent accounts on your credit reports. Fraudulent accounts, left undiscovered by you, can destroy your credit.
If you monitor your credit scores regularly (which you can do for free through Credit.com) and notice a big, unexplained change in your scores, that could be a sign of new account fraud – and is a good indicator that it’s time to check your reports. If you do discover fraudulent accounts on your credit report, contact the creditor as well as the credit reporting agency that issued your report, to notify them of fraud.
Image: iStock
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized