Chinese hackers allegedly stole 4.5 million patient records from Community Health Systems (CHS), which works with 206 hospitals in 29 states. They acquired sensitive information that could be used to steal identities, such as names, Social Security numbers, phone numbers, and addresses.
It does not appear the hackers took any clinical or medical information from the victims. CHS alerted the FBI to the breach and hired FireEye’s Mandiant division to investigate it. Mandiant has investigated this particular Chinese group before.
“We have tracked this group for the past four years and internally refer to them as APT 18,” said Mandiant’s managing director Charles Carmakal. “This group typically targets companies in the aerospace and defense, construction and engineering, technology, financial services, and health-care industry verticals.”
Mandiant said the hackers used “highly sophisticated malware and technology” to access CHS’s information. However, these experts are confused about why this Chinese group targeted personal information. Usually groups in Eastern Europe target this kind of information. A few theories are circulating on the internet. From Bloomberg:
It’s possible that the hackers were scraping all the data they could from Community Health’s systems and wound up with personal data, without any intentions of selling or using it. The hackers could also have stolen the information for the purposes of locating new targets or adding private data to the profiles of existing targets.
Perhaps the most likely theory is that rogue members, tempted by the money they could make, stole the data to sell it on the black market in actions not sanctioned by their superiors, according to a person familiar with the investigation, who spoke on condition of anonymity.
According to this person, the suspects are separate from the People’s Liberation Army Unit 61398. Indeed, one of the most sophisticated hacking groups in China consists of officers from China’s army, but the Chinese government denies any involvement. In May, the US Department of Justice charged five officers with “hacking into American nuclear, metal and solar companies to steal trade secrets.” It is the first time the US has filed criminal hacking charges against foreign officials.
“When a foreign nation uses military or intelligence resources and tools against an American executive or corporation to obtain trade secrets or sensitive business information for the benefit of its state-owned companies, we must say, ‘Enough is enough,’” said Attorney General Eric Holder.
The FBI is also probing the breach of CHS’s system.
“We understand the significance of this and other recently announced cyber intrusions by state actors and other cyber criminals and are committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators,” said the FBI.