Chinese hackers seem to be at it again. This time hitting Community Health Systems, a large US medical group that runs over 200 hospitals in 29 states. According to reports from Foxnews, the attackers were able to steal 4.5 million records.
A filing with the U.S. Securities and Exchange Commission stated that computer security company Mandiant assisted in the forensics investigation and “believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Company’s systems.“
According to the filing the data was “non-medical patient identification data” and did not include “patient credit card, medical or clinical information“. The company is notifying the affected patients and apparently offering them identity theft protection services.
As financial information was not recovered, the information would most likely be used in further social engineering type attacks – for example, using the information gained to attempt to access patients accounts or data from other companies or websites.
For those interested in learning more about Mandiant and their research of Chinese APT attacks, check out their “APT1: Exposing One of China’s Cyber Espionage Units” intelligence center report.