Chinese hackers hit Community Health Systems; others vulnerable
Skip to main content
MDHC_Logotype_white
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • This Week's News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • People
    • Regional News
    • Digital Edition
    • Bill delaying Medicare cuts heads to Biden's desk after House passage
      When money talks. Why cash pay is becoming more popular
      Stocks close mixed as regulators seek pause in J&J vaccine
      Long-term care providers concerned by effects of J&J COVID-19 vaccine pause
    • Bill delaying Medicare cuts heads to Biden's desk after House passage
      Stocks close mixed as regulators seek pause in J&J vaccine
      Long-term care providers concerned by effects of J&J COVID-19 vaccine pause
      Redfield joins Big Ass Fans, which promotes controversial COVID-killing technology
    • COVID hospitalizations in Michigan top fall surge; Beaumont seeing nurse 'burnout'
      Calls mount for Biden to track U.S. healthcare worker deaths from COVID
      Front-line workers want more assistance after a year of COVID-19
      Healthcare providers enter Philadelphia's legal fight to enact gun laws
    • California re-opens enrollment for health insurance coverage
      Insurers are partnering to offload the costs of kidney failure patients
      Cigna and Oscar expand their small business partnership
      5 things to know about Agilon Health's proposed IPO
    • Long-term care providers concerned by effects of J&J COVID-19 vaccine pause
      Lawmakers seek long-term limit on governors' emergency power
      Reforms follow deadly year in New York nursing homes
      MACPAC approves recommendations on specialty drugs, behavioral health
    • Stocks close mixed as regulators seek pause in J&J vaccine
      Outgoing UHS chief made almost 50% less in 2020 than 2019
      A hundred dollar bill cut into strips with a colorful background.
      Population health still at odds with fee-for-service
      Private equity could increase long-term Medicare spending, MedPAC says
    • Healthcare data breaches
      By the Numbers: National health information service providers
      Health systems are navigating the digital divide and vaccine access
      woman doctor shaking hands with nurse and smiling
      Sponsored Content Provided By Philips
      A stronger healthcare system requires bold new ways of working together
    • FDA pauses enforcement of in-person dispensing requirement for abortion pill
      U.S. recommends 'pause' for J&J vaccine over clot reports
      Tweaked COVID vaccines in testing aim to fend off variants
      More women than men are getting vaccines
    • Redfield joins Big Ass Fans, which promotes controversial COVID-killing technology
      Next Up Podcast: Modern Healthcare's editor Aurora Aguilar talks new content direction
      Novant Health adds chief payor performance officer
      Kaiser Permanente names Comer chief IT officer
    • Midwest
    • Northeast
    • South
    • West
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
    • The Affordable Care Act after 10 years
    • A close-up of a woman receiving a COVID-19 vaccine.
      Providers in underserved communities work toward equitable vaccine distribution
      Josh Bradshaw
      How one rural Illinois county vaccinated 84% of its senior citizens by early March
      Dr. John Fischer
      Patient-reported outcomes tool for hernia surgery helps physicians improve care
      New care model helps primary-care practices treat obesity
    • A family photo of the the Hangens.
      Stressing the already burdened pediatric behavioral health system
      Jennifer Pannone and her daughter Victoria.
      Mental health access for children needs attention
      What's next for on-demand telehealth companies?
      A CalOptima PACE vaccination clinic.
      Will COVID-19 be the catalyst for creating a more sustainable healthcare system?
    • Ryan McGinnis
      Finding efficiencies in the OR using tech
      Dr. Daniel Hall
      UPMC pilots machine learning, telehealth to inform patient transfers
      A woman being recorded using her inhaler on a smartphone.
      Digital check-ins, connected inhalers help control asthma
      A phone screen showing the question, "Mary we hope this information was helpful and we'd like to keep guiding you. Are you interested in knowing when it's your turn to receive the vaccine?"
      Chatbots, texting campaigns help manage influx of COVID vax questions
  • Transformation
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Diabetes patients at high risk for COVID-19 are managing conditions more effectively
      Nearly 1 in 5 Americans skipped care due to cost last year
      COVID-19 long-haulers need holistic treatment, providers say
      Amazon expanding employee clinics into two more states
    • Amazon gives out $12M under next phase of AWS diagnostics development initiative
      Malpractice premiums peak in 2020, AMA survey shows
      A rendering of a cancer research institute at the University of Southern California that will include 5G.
      Healthcare providers determine how to best use ultrafast 5G
      Two-thirds of largest hospitals aren't complying with price transparency rule
    • Addressing long-standing barriers needed for mental and physical health integration
      A close-up of a woman receiving a COVID-19 vaccine.
      Providers in underserved communities work toward equitable vaccine distribution
      The waiting room of a Kaiser Permanente clinic at a Target location.
      Health systems revamp their approach to retail clinics
      Josh Bradshaw
      How one rural Illinois county vaccinated 84% of its senior citizens by early March
    • When money talks. Why cash pay is becoming more popular
      CMS wants to bump pay for hospices, SNFs next year
      CMMI pauses new Direct Contracting model applications
      CMS wants to boost payments over 2% for inpatient rehab, psych facilities
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
    • Health Systems Financials
      Executive Compensation
      Physician Compensation
  • Op-Ed
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
    • Dr. Alan Kaplan
      The risks, rewards of taking organizations 'where they haven’t gone before'
      Wellstar CEO calls adapting for the pandemic her bold move
      Howard P. Kern
      Recognizing the value of telehealth in its infancy
      Dr. Stephen Markovich
      A bold move helped take him from family doctor to OhioHealth CEO
    • Drs. Hal Paz and Joshua J. Joseph
      Mobilized to fight the COVID crisis: a blueprint for community and academic partnerships
      Dr. Stephen Markovich
      Making sure we're aligned along the path to achieving inclusion
      Barry Ostrowsky
      Ending racism is a journey taken together; the starting point must be now
      Laura Lee Hall and Gary Puckrein
      Increased flu vaccination has never been more important for communities of color
    • Five lessons for securing our children's future
      We're losing engaged providers, and healthcare will pay the price
      Bonnie Castillo and John Welton
      Dueling opinions: The role of mandated nurse staffing ratios
      Dr. Chris DeRienzo
      How COVID-19 broke health systems and made them stronger
    • Letters: Eliminating bias in healthcare needs to be ‘deliberate and organic’
      Letters: Maybe dropping out of ACOs is a good thing for patients
      Letters: White House and Congress share blame for lack of national COVID strategy
      Letters: VA making strides to improve state veterans home inspections
    • Sponsored Content Provided By Optum
      How blockchain could ease frustration with the payment process
      Sponsored Content Provided By Optum
      Three steps to better data-sharing for payer and provider CIOs
      Sponsored Content Provided By Optum
      Reduce total cost of care: 6 reasons why providers and payers should tackle the challenge together
      Sponsored Content Provided By Optum
      Why CIOs went from back-office operators to mission-critical innovators
  • Awards
    • Award Programs
    • Nominate
    • Previous Award Programs
    • Other Award Programs
    • Voting Open - 50 Most Influential Clinical Executives
      Nominations Open - Top 25 Innovators
      Nominations Open May 24 - Top 25 Emerging Leaders
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Minorities in Healthcare
      • - Luminaries
      • - Top 25 Minority Leaders
      • - Minorities to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Excellence in Nursing Awards
    • Design Awards
    • Top 25 COOs in Healthcare
    • 100 Top Hospitals
    • ACHE Awards
  • Events
    • Conferences
    • Galas
    • Webinars
    • COVID-19 Event Tracker
    • emburse certify modern healthcare custom media webinar logo lockup
      Sponsored Content Provided By Emburse
      Webinar: Making it easy to manage costs
      virtualmed staff modern healthcare custom media logo lockup
      Sponsored Content Provided By VirtualMed Staff
      Webinar: Best practices for creating a successful telepsychiatry program
      telehealth visit man touching neck while speaking to doctor on computer
      Sponsored Content Provided By Accumen
      Webinar: How telehealth has evolved into a standard of care
      modern healthcare custom media and trimedx custom webinar logo lockup
      Sponsored Content Provided By TRIMEDX
      Webinar: Bridging the gap between clinicians and administration to improve capital equipment planning
    • Women Leaders in Healthcare Conference
    • Social Determinants of Health Symposium
    • Healthcare Transformation Summit
    • Leadership Symposium
    • Virtual Briefings
      • - Hospital of the Future
      • - Mental Health
      • - Patient Safety & Quality
      • - Strategic Marketing
      • - Virtual Health
      • - Workplace of the Future
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Minority Leaders Gala
    • Top 25 Women Leaders Gala
  • Listen
    • Podcast - Next Up
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
    • Next Up Podcast: Modern Healthcare's editor Aurora Aguilar talks new content direction
      Dr. Chris DeRienzo
      Next Up Podcast: Building team spirit in the wake of COVID-19
      Mikelle Moore
      Next Up Podcast: Mikelle Moore on recognizing all hospital workers during the pandemic
      Empty boardroom
      Next Up Podcast: What's going to happen tomorrow? Succession planning during emergencies
    • Beyond the Byline: Kids' unchecked mental health needs pose long-term consequences
      Beyond the Byline: How COVID-19 has impacted hospital finances
      An older man sitting on a hospital bed with his back toward the camera.
      Beyond the Byline: Upcoding could explain why hospitals are increasingly billing for the most complex treatment
      Beyond the Byline: Insurers are betting on virtual-first plans as COVID-19 shifts care pathways
    • James garvert neustar healthcare insider podcast image
      Building on basics
      Healthcare Insider Podcast Episode Art - Premier
      Why Roger Weems and other consultants are leaving the big firms to join Premier
      James garvert neustar healthcare insider podcast image
      Outreach during COVID-19
      ann barnes healthcare insider podcast image
      Leading with intention to promote diversity and inclusion
    • The Check Up: Dr. James E.K. Hildreth
      The Check Up: Dr. James E.K. Hildreth of Meharry Medical College
      The Check Up: Matt Eyles
      The Check Up: Matt Eyles of AHIP
      The Check Up: Dr. Tom Shanley
      The Check Up: Dr. Tom Shanley of Lurie Children’s Hospital of Chicago
      The Check Up: Dr. Harold Paz
      The Check Up: Dr. Harold Paz of Wexner Medical Center at Ohio State University
    • ivana naeymi-rad one on one intelligent medical objects
      Video: Ivana Naeymi Rad of Intelligent Medical Objects
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Providers
August 18, 2014 01:00 AM

Chinese hackers hit Community Health Systems; others vulnerable

Beth Kutscher and Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Print

    (Story updated at 3:05 p.m. ET on Monday, August 18.)

    An outside group of hackers targeted Community Health Systems' computer network and stole 4.5 million individuals' nonmedical patient data, the company disclosed Monday in a regulatory filing.

    The Franklin, Tenn.-based chain, which says it has 206 hospitals in 29 states, said a group originating in China used highly sophisticated malware and technology in the criminal attack. It believes the hackers were searching for intellectual property on medical devices and other equipment, but instead stole data on patients who sought care from its physician practices.

    The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under the Health Insurance Portability and Accountability Act. However, the data did not include financial or medical information, Community said.

    CHS reported it is working with Mandiant, an information security company, to investigate the incident and help prevent future attacks. Community already has removed the malware from its network and finalized remediation efforts. Federal law enforcement agents also are investigating the incident, which Community discovered last month and which it believes occurred in April and June.

    The chain notified affected patients and is offering them identity theft protection services. Community said it carries cyber and privacy liability insurance for this purpose.

    This year, said Michael “Mac” McMillan, CEO of CynergisTek, there has been a spike in hacking activity directed at hospitals. Such activity hasn't been publicly disclosed because hacks were stopped before data was compromised, he said. CynergisTek is an Austin, Texas,-based security consulting firm,

    “I know at least a half a dozen or so hacks against hospitals we work with where the data wasn't transferred, but it still caused a lot of disruption. But it wasn't a HIPAA issue, so it didn't get reported.

    Hospitals are “going to become a bigger and bigger target as the hacking community figures out it's easier to hack a hospital than it is to hack a bank and you get the same information,” McMillan said. “I'm not sure healthcare is listening yet.”

    The Community Health breach has not yet been posted on the public “wall of shame” website, kept by the Office for Civil Rights at HHS since 2009 under the mandate of the American Recovery and Reinvestment Act.

    Officials at the civil rights office, which has federal enforcement authority for HIPAA violations, were unavailable for comment at deadline.

    If the CHS breach makes the list, it will be the second largest of 1,083 breaches and by far the largest attributed to hackers.

    The law requires that breaches involving 500 or more individuals be publicly posted. Such larger breaches thus far have exposed the records of nearly 33.8 million individuals. In addition, through March 1 of this year, there have been about 116,000 breaches involving fewer than 500 individuals' records each, according to the OCR.

    Hacks leading to breaches are fairly rare but they tend to be more calamitous than the average breach on the OCR's public list.

    There are 76 breaches, or 7% of the total reported major breaches on the civil-rights office's list, that have been attributed to a “hacking/IT incident,” but they account for 9% of all records exposed.

    The average hacking breach involved 38,718 records, compared with 31,185 records for the average breach overall, with the median hack affecting 2,821 records compared with 2,350 for all breaches.

    Heretofore, the dubious distinction of worst hack on the civil-rights office list went to the Utah Department of Technology Services, whose servers carrying more than three quarters of a million records of the beneficiaries of the Utah Medicaid and Children's Health Insurance Program were breached in 2012 by hackers “believed to be operating out of Eastern Europe.”

    The breach cost the state Department of Health $3.4 million, with other triggered systems improvements pushing the total cost up to $9 million, the Salt Lake Tribune reported.

    But the Community Health System attack set a new standard and may be a harbinger of hacks already occurring behind closed doors throughout the healthcare industry, privacy and security experts such as McMillian agree.

    “This appears to be a crime of opportunity in which attackers penetrate a system for one type of information, such as IP, but in the process find they also have access to highly marketable PII (personally identifiable information),” said Stephen Cobb of ESET, an IT security firm based in Bratislava, Slovakia, with North American headquarters in San Diego. “The existence of thriving underground markets in all forms of stolen data enables cyber-criminals to efficiently monetize such opportunities.”

    “That's the worst hack I've ever heard about,” said Pam Dixon, executive director of the World Privacy Forum, a San Diego based not-for-profit advocacy group. “They pulled out exactly what they wanted to pull out. They can create new credit cards with these identities and won't get dinged and they can go commit crimes with those identities,” such as human trafficking, Dixon said.

    McMillan said an advanced persistent threat, the threat type cited by Community in its breach, “is a particular malware that never seems to go away.”

    “It's out there in the environment,” McMillan said. “It's usually launched by botnets,” Internet-connected networks of computers often used by hackers.

    “It's constantly out there. Depending on who released it and whatever its payload might be, it's looking for vulnerable systems. It's advanced in the sense that it can do real damage … it's got multiple capabilities to do harm.”

    Follow Beth Kutscher on Twitter: @MHbkutscher

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    COVID hospitalizations in Michigan top fall surge; Beaumont seeing nurse 'burnout'
    COVID hospitalizations in Michigan top fall surge; Beaumont seeing nurse 'burnout'
    Calls mount for Biden to track U.S. healthcare worker deaths from COVID
    Calls mount for Biden to track U.S. healthcare worker deaths from COVID
    Sponsored Content
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS
    • Instagram

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    MDHC_Logotype_white
    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2021. Crain Communications, Inc. All Rights Reserved.
    • News
      • This Week's News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Transformation
      • Patients
      • Operations
      • Care Delivery
      • Payment
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Op-Ed
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Award Programs
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Minorities in Healthcare
          • - Luminaries
          • - Top 25 Minority Leaders
          • - Minorities to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Nominate
      • Previous Award Programs
        • Excellence in Nursing Awards
        • Design Awards
        • Top 25 COOs in Healthcare
      • Other Award Programs
        • 100 Top Hospitals
        • ACHE Awards
    • Events
      • Conferences
        • Women Leaders in Healthcare Conference
        • Social Determinants of Health Symposium
        • Healthcare Transformation Summit
        • Leadership Symposium
        • Virtual Briefings
          • - Hospital of the Future
          • - Mental Health
          • - Patient Safety & Quality
          • - Strategic Marketing
          • - Virtual Health
          • - Workplace of the Future
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Minority Leaders Gala
        • Top 25 Women Leaders Gala
      • Webinars
      • COVID-19 Event Tracker
    • Listen
      • Podcast - Next Up
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing