Chinese APT group thought to be behind breach affecting 4.5 million.
A mass hack affecting 4.5 million patients of Community Health Systems [CHS] has prompted speculation over hackers’ motives from the security sector.
Names, addresses, birthdates, telephone numbers and social security numbers were taken from the American company using complex malware in a breach spanning five years’ worth of data.
Jerome Segura, senior security researcher at security firm Malwarebytes, said: "While the number is astonishing and makes it one of the largest breaches in the medical field, it may not have been the perpetrators’ actual goal.
"If the group behind this was one of the suspected hacking units from China, their motive generally is the theft of intellectual property [IP]."
Security firm Mandiant, which investigated the breach, believes that an advanced persistent threat (APT) group from China was behind the breach, and confirmed that IP is the usual target in the suspected intruder.
However in this case medical device and equipment data appears not to have been affected, and neither has payment information, according to CHS.
Segura added that the medical sector was particularly vulnerable to attacks circumventing traditional security through social engineering, and was relying on liability insurance to cover themselves.
CHS confirmed that it does carry such insurance, and will be offering identity theft services to those affected in the attack.
Charles Sweeney, chief executive at security firm Bloxx, warned against firms becoming complacent about the loss of personal data.
"As we hurtle towards a more connected future with the new world of big data, it is worrying that even with the personal information stolen in this data breach a hacker could set up a mobile phone or apply for a credit card in my name and potentially damage my credit rating," he said.