Forgot your password?
typodupeerror
Security Privacy

Hackers Steal Data Of 4.5 Million US Hospital Patients 111

Posted by Unknown Lamer
from the security-through-whoops dept.
itwbennett (1594911) writes Community Health Systems said the attack occurred in April and June of this year, but it wasn't until July that it determined the theft had taken place. Working with a computer security company, it determined the attack was carried out by a group based in China that used 'highly sophisticated malware' to attack its systems. The hackers got away with patient names, addresses, birthdates, telephone numbers and Social Security numbers of the 4.5 million people who were referred to or received services from doctors affiliated with the company in the last five years. The stolen data did not include patient credit card, medical, or clinical information.
This discussion has been archived. No new comments can be posted.

Hackers Steal Data Of 4.5 Million US Hospital Patients

Comments Filter:
  • by Sarten-X (1102295) on Monday August 18, 2014 @10:29PM (#47700407) Homepage

    This is utterly ignorant.

    Many (if not most) healthcare providers in the US are affiliated with a larger organization, such as Community Health Systems. The branch offices need to have access to patient data from other affiliated providers, and given that this includes emergency rooms and other urgent-care facilities, the information must be available as quickly as possible. Physical separation is not a reasonable option.

  • by Sabbatic (3389965) on Monday August 18, 2014 @11:25PM (#47700649)
    Kind of ignorant to assume that such information sharing, which is only about 25 years old, is so absolutely vital that anyone who questions it is foolish. I don't recall vast numbers of people dying in ER's across the country pre-internet as opposed to post. It's useful, no doubt, and saves some lives, but if the data can't be handled responsibly, it's reasonable to ask whether the benefit is worth the cost of exposing millions of people to massive breaches of privacy and risk of identity theft. In any event, since you have positioned yourself as knowledgable about emergent care, I can assume that you are fully aware that the quick life-and-death decisions in ER's happen more quickly than would allow for a read-through of someone's medical history. In fact, too much data has been shown to lead to more misdiagnoses in ER's.
  • Re:Well I for one (Score:5, Insightful)

    by ShanghaiBill (739463) on Tuesday August 19, 2014 @12:56AM (#47700983)

    Your supposedly confidential records are not confidential.

    My name, address, and phone number are already public information, and in the phone book. The only "confidential" information they got was the SSN, and that should be fixed by making it illegal to use SSNs as authentication. I am required to disclose my SSN to employers, contractees, financial institutions, creditors, etc. It is ridiculous to then assume that mere knowledge of my SSN is "proof" that I am me.

  • by JDG1980 (2438906) on Tuesday August 19, 2014 @07:11AM (#47701989)

    You need properly trained and aware users

    In other words, we're doomed.

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten

Working...