Chinese hackers may have stolen your medical records

CyberAttack_0204131-617x416

A man types on a computer keyboard in this 2013 photo illustration. (Kacper Pempel/Reuters)

Chinese hackers have stolen medical records for 4.5 million patients, according to a regulatory filing from Community Health Systems, a publicly-traded company that runs 206 hospitals in 29 states.

The stolen data includes records for patients of who have seen doctors affiliated with the company in the past five years.

Mandiant, a cybersecurity firm hired by the company, believes the attacks originated in China. The FBI is also investigating the break-in.

Between April and June, hackers bypassed the company’s security systems and stole personal data including names, addresses, birth dates, telephone numbers and social security numbers. The stolen information did not include patients’ credit card numbers, medical or clinical data.

The theft was unusual for Chinese hackers “known for seeking intellectual property, such as product design, or information that might be of use in business or political negotiations,” Reuters said. “Social Security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.”

The hacking group wasn’t named in the filing, but Charles Carmakal, managing director of Mandiant, told Bloomberg in an e-mail that the group, which he identified as “APT 18,” “typically targets companies in the aerospace and defense, construction and engineering, technology, financial services, and health-care industry.”

Another cybersecurity firm, Crowdstrike, which has been tracking the group for four years, told Reuters it believes the hackers are either backed by Beijing or work directly for the government based on the targets they have chosen. The firm’s chief technology officer, Dmitri Alperovitch, said “APT 18,” also known as “Dynamite Panda,” has “above average skill” among Chinese hackers.

So why are sophisticated hackers known for corporate espionage turning to identity theft?

Bloomberg’s Michael Riley and Jordan Robertson spoke with someone familiar with the investigation and said there are a couple of theories. The hackers might have “stolen the information for the purposes of locating new targets or adding private data to the profiles of existing targets.” The more likely explanation is that rogue members of the hacking group stole the data without approval from their superiors in hopes of selling it on the black market for extra cash.

According to the New York Times, security experts..

Read more: http://www.washingtonpost.com/news/morning-mix/wp/2014/08/19/chinese-hackers-may-have-stolen-your-medical-records/