Advanced, persistent’ hackers hit hospital system
After hackers obtained 4.5 million files on its patients, Community Health Systems (CHS) in Franklin, TN, filed a statement with the Securities and Exchange Commission (SEC) to address concerns that the incident might affect the publicly traded hospital chain’s value.
There was no immediate decline in CHS’ stock value, but the first class action lawsuit was filed against CHS in Alabama within hours of the system announcing the breach.
The statement to the SEC gives some insight into what CHS found out about the cyber attack.
CHS reported that its cyber forensics consultants determined the hacker or hackers had stuck in April and June 2014 and were an "advanced persistent threat" originating from China.
The cyber experts found evidence indicating that the hackers found vulnerability in a computer system serving CHS’ physician practices but apparently that did not allow access to financial data such as credit card numbers. The hackers took what they could: the names, addresses, Social Security numbers and other demographic data on 4.5 million patients.