Community Health Systems Breach

According to an August 18th Reuters wire release, Community Health Systems Inc. (CYH.N), stated that the company was victimized by a major information security breach orchestrated by a Chinese team of hackers. The cybersecurity attack affected 4.5 million patients.

The hackers, who operate under the handle "APT 18" (aka the Dynamite Panda gang) are believed to have strong ties to the Chinese government, according to information from security experts. Community Health Systems, one of the largest hospital groups in the United States, does not fit the typical "APT 18" target profile. The hackers, who are highly skilled in implementing technology and deploying sophisticated malware, usually prefer targets from the defense, engineering, and aerospace industries, financial services industries, the technology sector, and the healthcare industry.

 

That being said, there are industry pros who have expressed the opinion that Community Health Systems is a perfect target for the Chinese government since this type of breach and personal data provides extensive information which can be used to enhance the Chinese healthcare system and China's national security. Moreover, this information is especially important given China's expanding elderly population.

 

Security experts, who were hired to investigate the network security breach, determined that the IT security breach initially took place in April, and again in June of 2014.

 

The takeaway from this type of breach is that many organizations in the medical and pharmaceutical industries are not up to speed with the level of security and protection needed to secure medical devices, systems, workstations, online records, etc. HIPAA compliance is a good first step toward protecting critical electronic health information (EHI), but it is exactly that: a good first step.