(NaturalNews) In the latest breach of privacy and Internet security, a cyber attack originating in China compromised the computers of Community Health Systems Inc., one of the largest U.S. hospital groups, resulting in the theft of Social Security numbers and other personal information of 4.5 million patients.
As Reuters reported, security experts say the hacking group, which calls itself "APT 18," could have links to the Chinese government.
In an interview with the news agency, Charles Carmakal, managing director of FireEye Inc.'s Mandiant forensics unit, said the hacking group typically targets companies in aerospace and defense, as well as construction, financial services, technology and the healthcare industry.
"They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected," said Carmakal. His company led the investigation into the hacking attack in April and June.
'Not the first attack on U.S. firms by Chinese hackers'
As further reported by Reuters:
The information stolen from Community Health included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred or received services from doctors affiliated with the hospital group in the last five years, the company said in a regulatory filing.
The stolen data did not include medical or clinical information, credit card numbers, or any intellectual property such as data on medical device development, said Community Health, which has 206 hospitals in 29 states.
The latest attack was certainly not the first time that China-based hackers have stolen information from American companies, but it is the largest cyber attack of its kind involving patient information since a U.S. Department of Health and Human Services website began tracking such breaches in 2009. It should be noted that the adoption of electronic medical records by hospitals and doctors' offices is not mandatory under provisions of the Affordable Care Act, but the law essentially punishes those who do not computerize their patient data by withholding, or diverting, Medicare and Medicaid payments.
The previous record for the amount of patient data lost was set by an attack on a Montana Department of Public Health server; disclosed in June, it affected about 1 million people.
China's cyber warfare and hacking capabilities are among the most sophisticated in the world, and they are growing. Chinese hackers tend to seek out intellectual property, such as product designs, that could be used for political or business negotiations.
But Social Security numbers and other personal data are often stolen by cyber operatives to sell in underground exchanges, for eventual use by others in identity theft.
'Affiliated with the Chinese government'
Reuters noted that, over the past six months, Mandiant has witnessed a rise in cyber attacks on healthcare providers, though the Community attack was the first that it had seen in which an advanced Chinese group had swiped personal data, Carmakal said. His firm monitors around 20 China-based hacking groups. Along that line, the news service further reported:
Cybersecurity has come under increased scrutiny at healthcare providers this year, both by law enforcement and attackers.
The FBI warned the industry in April that its protections were lax compared with other sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions.
Mandiant has been following APT 18 for about four years. When asked by Reuters if the latest hacking effort was related to the Chinese government, Carmakal said it was "a possibility" but he would not elaborate.
The Chinese government typically is involved, on some level, but remains aloof in its intelligence efforts to give Beijing plausible deniability.
One additional cybersecurity firm, CrowdStrike, has also been monitoring APT 18 for a number of years. Officials there say that the hackers are either backed by the Chinese government -- which, by the way, controls all of the Internet nodes coming into, and going out of, the country -- or they work directly for the government, given the targets they go after.