Why security is pondering over hacking of US medical group

Security

by Jimmy Nicholls| 19 August 2014

Chinese APT group thought to be behind breach affecting 4.5 million.

A mass hack affecting 4.5 million patients of Community Health Systems [CHS] has prompted speculation over hackers' motives from the security sector.

Names, addresses, birthdates, telephone numbers and social security numbers were taken from the American company using complex malware in a breach spanning five years' worth of data.

Jerome Segura, senior security researcher at security firm Malwarebytes, said: "While the number is astonishing and makes it one of the largest breaches in the medical field, it may not have been the perpetrators' actual goal.

"If the group behind this was one of the suspected hacking units from China, their motive generally is the theft of intellectual property [IP]."

Security firm Mandiant, which investigated the breach, believes that an advanced persistent threat (APT) group from China was behind the breach, and confirmed that IP is the usual target in the suspected intruder.

However in this case medical device and equipment data appears not to have been affected, and neither has payment information, according to CHS.

Segura added that the medical sector was particularly vulnerable to attacks circumventing traditional security through social engineering, and was relying on liability insurance to cover themselves.

CHS confirmed that it does carry such insurance, and will be offering identity theft services to those affected in the attack.

Charles Sweeney, chief executive at security firm Bloxx, warned against firms becoming complacent about the loss of personal data.

"As we hurtle towards a more connected future with the new world of big data, it is worrying that even with the personal information stolen in this data breach a hacker could set up a mobile phone or apply for a credit card in my name and potentially damage my credit rating," he said.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

746 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.