Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Steal Data Of 4.5 Million US Hospital Patients

Posted by Unknown on from the security-through-whoops dept.

itwbennett (1594911) writes Community Health Systems said the attack occurred in April and June of this year, but it wasn't until July that it determined the theft had taken place. Working with a computer security company, it determined the attack was carried out by a group based in China that used 'highly sophisticated malware' to attack its systems. The hackers got away with patient names, addresses, birthdates, telephone numbers and Social Security numbers of the 4.5 million people who were referred to or received services from doctors affiliated with the company in the last five years. The stolen data did not include patient credit card, medical, or clinical information.

4 of 111 comments (clear)

  1. Re:why internet connected? by Sarten-X · · Score: 4, Insightful

    This is utterly ignorant.

    Many (if not most) healthcare providers in the US are affiliated with a larger organization, such as Community Health Systems. The branch offices need to have access to patient data from other affiliated providers, and given that this includes emergency rooms and other urgent-care facilities, the information must be available as quickly as possible. Physical separation is not a reasonable option.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  2. Re:why internet connected? by Sabbatic · · Score: 5, Insightful

    Kind of ignorant to assume that such information sharing, which is only about 25 years old, is so absolutely vital that anyone who questions it is foolish. I don't recall vast numbers of people dying in ER's across the country pre-internet as opposed to post. It's useful, no doubt, and saves some lives, but if the data can't be handled responsibly, it's reasonable to ask whether the benefit is worth the cost of exposing millions of people to massive breaches of privacy and risk of identity theft. In any event, since you have positioned yourself as knowledgable about emergent care, I can assume that you are fully aware that the quick life-and-death decisions in ER's happen more quickly than would allow for a read-through of someone's medical history. In fact, too much data has been shown to lead to more misdiagnoses in ER's.

  3. Re:Well I for one by ShanghaiBill · · Score: 4, Insightful

    Your supposedly confidential records are not confidential.

    My name, address, and phone number are already public information, and in the phone book. The only "confidential" information they got was the SSN, and that should be fixed by making it illegal to use SSNs as authentication. I am required to disclose my SSN to employers, contractees, financial institutions, creditors, etc. It is ridiculous to then assume that mere knowledge of my SSN is "proof" that I am me.

  4. Re:VPNs don't solve this on their own by JDG1980 · · Score: 4, Insightful

    You need properly trained and aware users

    In other words, we're doomed.