Skip to main content
Sister Publication Links
  • ESG: THE IMPLEMENTATION IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Digital Health
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Unwell in America
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
August 19, 2014 01:00 AM

A great hacker will find HIT system flaws, exploit them

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    When you think about how an “advanced persistent threat,” i.e., a hacker, works, think of a professional quarterback like the Green Bay Packers' Aaron Rodgers.

    Smart, capable and most of all flexible, a pro QB will read a defense and exploit whatever weakness it offers. He might look first for a 50-yard TD strike to the split-end running a fly down the sideline. But if the cornerback has that guy covered, he'll look next for the flanker on a cross 20 yards deep. If the safety is blanketing the flanker, the wily QB will take what he can get, either dumping off to a halfback sneaking in front the linebackers in the hook zone 7 yards downfield or, if the tackles are split and he's fleet afoot like Rodgers, running the ball himself.

    That progression gives you some sense of the nature of the hacker, or hackers, that scored 4.5 million times on Community Health Systems recently.

    According to CHS' filing with the Securities and Exchange Commission on Monday, the publicly traded hospital chain, quoting its forensic expert, Mandiant, reported that their hacker or hackers had stuck in April and June and were an “advanced persistent threat” originating from China.

    Federal authorities joined Mandiant in informing CHS that the intruder “typically sought valuable intellectual property, such as medical device and equipment development data.”

    Having found vulnerability in a computer system serving CHS' physician practices but, apparently, no intellectual property, the hacker seemingly “checked off” and stole what was at hand, the names, addresses, Social Security numbers and other demographic data on 4.5 million patients.

    It's info that won't enable the hacker to purloin the latest health tech breakthrough, but it's still quite valuable to identity thieves.

    If there is Karma to befall the CHS hacker, the sheer magnitude of their success—the breach is the second largest in the history of the “wall of shame” kept by the Office for Civil Rights at HHS, and the largest attributable to a hacking incident—is likely to have a detrimental impact on his or her marginal returns.

    According to a report, “Markets for Cybercrime Tools and Data: Hackers' Bazaar” released this year by the RAND Corp., after a large breach, “the (black) market may be flooded with data, causing prices to go down.” One expert RAND cited said the price of a stolen record dropped from $15 to $20 each to 75 cents over as short period.

    An advance persistent threat is a particular type of malware that stalks the Internet relentlessly, always looking for vulnerability, said data security expert Michael “Mac” McMillan. And when it finds a weakness, “it can create temp files and transfer things out. It's got multiple capabilities to do harm. Whenever it is lucky enough to find a network that is vulnerable to it, it just does its thing.”

    Like Rodgers does often to the Chicago Bears.

    How did CHS and Mandiant know the attack stemmed from China?

    An Internet Protocol, or IP address, is assigned to computer systems on the Internet. There is a regional, geographical component to them, so the location of an attacking computer can be identified through them. “But to some degree, it's still kind of circumstantial,” McMillan said. “They come out of Indonesia, Russia, China and Africa, where we don't have good cooperation for investigation.”

    So in the end, an attack that appears to be coming from a computer abroad, “may be coming out of Sacramento and they're using a server in Africa they control, knowing when the trail hits there, it goes cold.”

    Constant vigilance is the burden healthcare IT defenders must bear in this endless game against hackers, according to McMillan. There are no half times and no TV time outs.

    “That's why patching is so important,” McMillan said. “For every system you deploy on the network, there are settings and patching that make it less vulnerable to threats.”

    Controlling new software or upgrades and reviewing them for risks before they're installed on the network is crucial, too, he said.

    “We have to be right all of the time and the hacker only has to be lucky once.”

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Judy_Faulkner_Epic_HIMSS17_edit_i.jpg
    Epic outlines what's ahead for patient portal, Cosmos
    Cerner_fullsize_AP_i.jpg
    Cerner to pay $1.8M to resolve racial discrimination allegations
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Digital Health
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Unwell in America
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing