Chinese hackers stole 4.5 million patients’ names, Social Security numbers and other personal data from the computers of one of the country’s largest hospital chains, the company said Monday — the biggest reported cyberattack ever on a U.S. health care company.
Community Health Services and its forensic expert, Mandiant, believe the attacker was an “advanced persistent threat” group from China that used highly sophisticated malware and technology, according to a filing with the Securities and Exchange Commission.
The data stolen in April and June also included patients’ addresses, birth dates and phone numbers. The thieves did not swipe credit card numbers or medical information.
Social Security numbers and other personal data are a gold mine to hackers, who can sell them to black market criminals for use in financial fraud. Complete health care records are even more valuable, bringing up to $316 per record, security experts say. The Chinese hackers may have been blocked by encryption from getting medical records during the attack, according to the experts.
From the US Department of Health and Human Services:
IMPROVING QUALITY AND LOWERING COSTS
Reducing Paperwork and Administrative Costs. Health care remains one of the few industries that relies on paper records. The new law will institute a series of changes to standardize billing and requires health plans to begin adopting and implementing rules for the secure, confidential, electronic exchange of health information. Using electronic health records will reduce paperwork and administrative burdens, cut costs, reduce medical errors and most importantly, improve the quality of care. First regulation effective October 1, 2012.
I mention the above because everybody’s health records will be online and accessible to hackers soon, if they aren’t already…thanks to Obamacare.
As far as “secure” – anything can eventually be gotten if only a person tries hard enough. The only way it can be secured from electronic attack is not not put the data in an electronic format. Maybe not today, but tomorrow or the next days.