The Washington Post

Chinese hackers may have stolen your medical records

A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. One of the largest ever cyber attacks is slowing global internet services after an organisation blocking "spam" content became a target, with some experts saying the disruption could get worse. To match INTERNET-ATTACK/ REUTERS/Kacper Pempel/Files (POLAND - Tags: BUSINESS SCIENCE TECHNOLOGY) - RTXXZVX A man types on a computer keyboard in this 2013 photo illustration. (Kacper Pempel/Reuters)

Chinese hackers have stolen medical records for 4.5 million patients, according to a regulatory filing from Community Health Systems, a publicly-traded company that runs 206 hospitals in 29 states.

The stolen data includes records for patients of who have seen doctors affiliated with the company in the past five years.

Mandiant, a cybersecurity firm hired by the company, believes the attacks originated in China. The FBI is also investigating the break-in.

Between April and June, hackers bypassed the company’s security systems and stole personal data including names, addresses, birth dates, telephone numbers and social security numbers. The stolen information did not include patients’ credit card numbers, medical or clinical data.


The theft was unusual for Chinese hackers “known for seeking intellectual property, such as product design, or information that might be of use in business or political negotiations,” Reuters said. “Social Security numbers and other personal data are typically stolen by cybercriminals to sell on underground exchanges for use by others in identity theft.”

The hacking group wasn’t named in the filing, but Charles Carmakal, managing director of Mandiant, told Bloomberg in an e-mail that the group, which he identified as “APT 18,” “typically targets companies in the aerospace and defense, construction and engineering, technology, financial services, and health-care industry.”

Another cybersecurity firm, Crowdstrike, which has been tracking the group for four years, told Reuters it believes the hackers are either backed by Beijing or work directly for the government based on the targets they have chosen. The firm’s chief technology officer, Dmitri Alperovitch, said “APT 18,” also known as “Dynamite Panda,” has “above average skill” among Chinese hackers.

So why are sophisticated hackers known for corporate espionage turning to identity theft?

Bloomberg’s Michael Riley and Jordan Robertson spoke with someone familiar with the investigation and said there are a couple of theories. The hackers might have “stolen the information for the purposes of locating new targets or adding private data to the profiles of existing targets.” The more likely explanation is that rogue members of the hacking group stole the data without approval from their superiors in hopes of selling it on the black market for extra cash.

According to the New York Times, security experts have warned that digitization of medical records would invite hackers. The U.S. Health and Human Services Department keeps track of breaches of private health data affecting 500 or more people. Using the data, computer virus researchers Stephen Cobb of ESET calculated that every day last year 24,800 Americans had protected health information exposed, the Times said.

Mandiant told Reuters it has seen a spike in cyberattacks on healthcare providers in the past six months. The FBI has warned the industry of its vulnerability.

Community Health discovered the hack in July and has since removed the malware from its systems. The company also said in the regulatory filing that it has beefed up its security systems.

As required by law, patients whose information was stolen will be notified. The company will also offer identity theft protection services.

The company has liability insurance and doesn’t expect the take a major financial hit as a result of the incident.

China has denied similar attacks in the past, but did not respond to Bloomberg’s request for comment.

Gail Sullivan covers business for the Morning Mix blog.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
From clubfoot to climbing: Double amputee lives life of adventure
Learn to make traditional soup dumplings
Deaf banjo player teaches thousands
Play Videos
Unconventional warfare with a side of ale
The rise and fall of baseball cards
How to keep your child safe in the water
Play Videos
'Did you fall from heaven?': D.C.'s pick-up lines
5 ways to raise girls to be leaders
How much can one woman eat?
Play Videos
How to get organized for back to school
How to buy a car via e-mail
The signature drink of New Orleans
Next Story
Terrence McCoy · August 19, 2014

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.