Community Health Systems, one of the largest hospital operators in the U.S., today announced that hackers stole about 4.5 million records with patient names, addresses, birth data, phone numbers and Social Security numbers. The company says the data was stolen in attacks that occurred between April and June 2014 and the hackers gained access to data from anybody who was referred for or received services from any doctor affiliated with Community Health Systems. The only good news about this breach is that the hackers did not gain access to any medical records.
Community Health Systems, which operates in 29 states, worked with cybersecurity firm Mandiant to look into this breach. Based on Mandiant’s investigation, Community Health Systems believes that the attack originated from China and that the hackers used “highly sophisticated malware and technology to attack the Company’s systems.” The company notes that these attacks typically go after intellectual property like medical device and equipment development data. This time around, however, the hackers went after personal records.
Community Health Systems will offer identity theft protection to all the patients whose data was stolen.
Today’s announcement, of course, is just one in a long line of similar breaches that have left U.S. consumers vulnerable to identity theft and/or credit card fraud. Very little data, it seems, is actually safe from hackers these days and if your SSN isn’t up for sale on some hacker forum, count yourself lucky.