Posted on 08/18/2014 12:09:37 PM PDT by detective
(Reuters) - Community Health Systems Inc , one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other personal data belonging to 4.5 million patients.
That would make the attack the largest of its type involving patient information since a U.S. Department of Health and Human Services website started tracking such breaches in 2009. The previous record, an attack on a Montana Department of Public Health server, was disclosed in June and affected about 1 million people.
The attackers appear to be from a sophisticated hacking group in China that has breached other major U.S. companies across several industries, said Charles Carmakal, managing director with FireEye Inc's Mandiant forensics unit, which led the investigation of the attack on Community Health in April and June.
(Excerpt) Read more at news.msn.com ...
I have been told that Obamacare has been a great opportunity for the identity thieves in China, North Korea etc.
It seems like the Obama Administration has made a deal with the Chinese government that it is ok for them to engage in cybercrime against American citizens.
Mama always said ... them computers are nothin’ but trouble.
“There is no requirement that this information be protected and secured. “
There are many many laws which require it to be protected.
HIPPAA.
“The FBI had warned the industry in April that its protections were lax compared with other sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions.
Over the past six months Mandiant has seen a spike in cyber attacks on healthcare providers, though this was the first case it had seen in which a sophisticated Chinese group has stolen personal data, according to Carmakal.”
Those “many, many laws” don't seem to be working.
Laws and regulations require some protection but not enough to protect from foreign cybercriminals.
Or they sold it
Montana Health Department was also hacked in May of this year accessing approximately 1.3 million patients. Smaller groups have also been hacked.
I run a security company and we focus on healthcare. In general health care is well behind other industries in regards to IT security. It just has not been a priority. The Feds are enforcing it now and people are trying to catch up but most don’t have the money or know how.
With that said, the Chinese get into the most secure systems. Fighting them defensively isn’t going to work.
The Current FReepathon Pays For The Current Quarter's Expenses?
But why can't my doctor just keep my info? Why does it have to be on computers with many others where it is almost certain to be a target for cybercrime?
when our passwords are stolen we’re advised to change our passwords
so when our social security numbers are stolen are we supposed to get new social security numbers?
IMO putting medical records into computers is a good thing. It reduces errors, increases security, and improves care.
Unfortunately the feds are doing they can to abuse the data and us. We need protections from the federal govt and insurance companies.
Its already a target anyway, as its in the insurance companies computers. Healthcare is just way behind. Until you make it more painful to lose data then to protect it the executives will rarely do the right thing, regardless of what industry they work in.
Good reply.
Thanks.
Great analysis on your part. CHS has grown from under 50 hospitals to over 200 in six years. Their Corporate IT has had to deal with myriad legacy platforms, countless software add ons, and a focus on EHR to earn the maximum Medicare bonuses. System security, not so much. Maintaining EBITDA at CHS is job one.
I’ve had numerous executives tell me they didn’t want to know where their problems were. If they knew they’d have to fix it. If they didn’t know they could always claim ignorance.
It used to be that execs were held to a higher standard - that they were charged with knowing what was going on, that they should know. Now they can claim ignorance or have some plausible deniability in the very essence of their job functions because as a whole, the world has become a place where accountability is at best an afterthought.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.