One of the biggest hospital groups in the U.S. has claimed falling victim to a cyberattack perpetuated by hackers from China.
Community Health Systems, which oversees more than 200 hospitals in the country, revealed on Monday that the attack of the Chinese hacking group called "APT 18" resulted in the theft of personal data of 4.5 million patients.
Chinese hacking groups often target intellectual property and information that may have potential uses in political and business negotiations. Community Health Systems, however, said that hackers were not also able to steal intellectual property data such as those that involve the development of medical device. The breach did not also compromise the medical and credit card records of the patients albeit the hackers were able to get away with the patients' names, addresses, birthdays, contact numbers and social security numbers.
Charles Carmakal, from the Mandiant forensics unit of security company FireEye Inc., which led the investigation of the attack that occurred in April and June, said that the hacker group APT 18 often targets companies in the healthcare industry as well as those in technology, aerospace and defense, financial services, construction and engineering.
"They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected," Carmakal said.
Dmitri Alperovitch, the Chief Technology Officer of another cybersecurity firm that has also been tracking APT 18, said that he has seen the group targeting chemical companies and even human rights group. He also said that the group has above average skills compared with other Chinese hackers. Alperovitch's firm, CrowdStrike, also believe that Apt 18 may either be backed or working directly for the Chinese government as suggested by the targets that the group has been choosing.
This is not the first time that the government of China has been linked with a cyberattack. Security experts have long believed of China's role in cyberattacks that target the websites of private companies and the U.S. government albeit the Chinese government has always denied having a hand in hacking and cyber-espionage.
The Community Health Systems breach is the biggest known cyberattack that targeted the information of hospital patients since the U.S. Department of Health and Human Services started tracking such data breaches beginning 2009. The attack on a server of the Montana Department of Public Health, which was revealed in June, held the previous record and involved the data of approximately one million people.
