Community Health Systems, one of the largest hospital operators in the United States, announced that it has lost personal information belonging to 4.5 million patients in a massive data breach. Chinese hackers reportedly broke into the company's computer system and copied names, social security numbers, birthdays, telephone numbers and mailing addresses belonging to patients. According to investigators, they were not able to obtain medical history records or credit card numbers.
Community Health Systems runs 206 hospitals in nearly 30 states across the country. Any patient who sought treatment at one of those medical facilities in the last five years could be at serious risk of identity theft. Even those who were just referred to a hospital by an outside physician may have had their information stolen.
Cyber-security expert Charles Carmakal, whose company was hired to investigate the attack, says that Chinese hackers perpetrated the data breach using high-end malware in separate events in April and June. He tells Reuters that the group in question has previously infiltrated the digital data stores of major American companies in other industries.
"They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of time without getting detected," Carmakal tells the news service.
Neither the investigators nor Community Health Systems said whether it believes the group of cyber-criminals has any connection to the Chinese government. In the past, some American officials have said they believe China has been behind other widespread hacking campaigns around the globe.
The hospital operator says it has scrubbed the malware from its system and taken steps to keep hackers out in the future. However, this latest attack just raises more questions about the safety of Americans' personal information. The data breach is just one more in a long string of recent hackings, including major episodes at Target, Neiman Marcus and P.F. Chang's.
Community Health Systems says it will contact all 4.5 million patients whose information was stolen. If you are concerned about the possibility that your personal information could have been compromised in the past or may be taken in the future, you should consider investing in a credit monitoring service. While such services cannot guarantee your protection against fraud, they can alert you to certain activity that may indicate fraud.
Identity thieves sometimes open bank accounts or credit lines in their victims' names, which can cause serious damage to personal credit histories. A monitoring system will tell you if it notices certain indicators that someone may have taken these steps using your identity, allowing you to immediately and aggressively respond. Unfortunately, without such an alert system, you might not even realize that your identity has been stolen until you try to apply for a loan. It's always best to proactively guard your privacy.
Those people who check their banking and/or medical records online should also use a password management program to add an extra layer of protection to their accounts, saving entry codes in a digital vault. Never repeat passwords across sites, and be sure to use hard-to-guess combinations of letters, numbers and symbols. Remember that as cyber-criminals become more sophisticated in their ability to gain access to our personal information, it is important that we also become increasingly savvier.