Community Health Systems, one of the country’s largest hospital groups, announced this week that it has fallen victim to a cyberattack from Chinese hackers.
This may be the largest breach involving patient information of its kind to have occurred since the U.S. Department of Health and Human Services started tracking such breaches on its website in 2009, Reuters reported.
The breach resulted in the theft of Social Security numbers and other personally identifiable information (PII) for 4.5 million patients who were either referred to or received services from doctors affiliated with hospitals in the CHS network in the last five years. According to The Hill contributor Elise Viebeck, the breach seems to have occurred sometime between April and June of 2014 and affected patients at the more than 200 CHS hospitals in 29 states.
The cybercriminals involved in the breach appear to be members of a sophisticated hacking group in China that has been responsible for attacking other major U.S. companies in a variety of industries, according to cybersecurity expert Charles Carmakal.
“They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected,” said Carmakal in an interview with Reuters.
Industry Warned About Need for Increased Security Prior to Breach
The cybersecurity of healthcare providers has come under increased scrutiny recently, both by regulators and would-be attackers. The FBI is actively investigating the case, according to Reuters, but has declined to comment.
The agency did, however, warn the medical industry in April 2014 that its defenses were insufficient compared with those of other sectors. Lax security policies make for an enticing target for malicious actors looking to obtain information that could be used to access bank accounts or prescription medications.
The need for reliable enterprise security solutions will only increase as time goes on, especially for companies in the healthcare industry. One of the best ways to protect sensitive information and combat cyberattacks is employing strong authentication methods to protect access and the theft of digital identities.