Why security is pondering over hacking of US medical group
by Jimmy Nicholls| 19 August 2014Chinese APT group thought to be behind breach affecting 4.5 million.
A mass hack affecting 4.5 million patients of Community Health Systems [CHS] has prompted speculation over hackers' motives from the security sector.
Names, addresses, birthdates, telephone numbers and social security numbers were taken from the American company using complex malware in a breach spanning five years' worth of data.
Jerome Segura, senior security researcher at security firm Malwarebytes, said: "While the number is astonishing and makes it one of the largest breaches in the medical field, it may not have been the perpetrators' actual goal.
"If the group behind this was one of the suspected hacking units from China, their motive generally is the theft of intellectual property [IP]."
Security firm Mandiant, which investigated the breach, believes that an advanced persistent threat (APT) group from China was behind the breach, and confirmed that IP is the usual target in the suspected intruder.
However in this case medical device and equipment data appears not to have been affected, and neither has payment information, according to CHS.
Segura added that the medical sector was particularly vulnerable to attacks circumventing traditional security through social engineering, and was relying on liability insurance to cover themselves.
CHS confirmed that it does carry such insurance, and will be offering identity theft services to those affected in the attack.
Charles Sweeney, chief executive at security firm Bloxx, warned against firms becoming complacent about the loss of personal data.
"As we hurtle towards a more connected future with the new world of big data, it is worrying that even with the personal information stolen in this data breach a hacker could set up a mobile phone or apply for a credit card in my name and potentially damage my credit rating," he said.
- Web Application Security — How to Minimise Prevalent Risk of Attacks
- Making Your Website Safe for Online Buyers with the Qualys SECURE Seal
- Understanding and Selecting a Database Assessment Solution
ICT Priorities in Financial Markets - Enterprise ICT investment plans
Why was the report written? In order to provide deeper insights into financial market institutions’ ICT investment priorities and strategic... Reports Buy online from $2500
Absolute Software - Security Solutions for Mobile Computers and Smartphones
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.
Qualys - IT security risk and compliance solutions
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...
Hardware Blade servers Data centre Desktops Microelectronics Servers Storage
Software Analytics App dev Business intelligence Content management E-commerce Enterprise apps Malware Middleware Open source Operating systems Service management Virtualisation
Networks Networking Telecoms Unified communications
Services Business continuity IT services Outsourcing
CIO Agenda Green IT Midmarket The Boardroom Small business
Mobile & tablets
Cloud Cloud Platform