If you’ve been to a rural or small hospital in the United States in the last five years, your information may now be in the hands of Chinese hackers. A report from Recode on Monday states that hackers thought to be from China hacked into the databases of Community Health Systems. The company says the data breach could affect the 4.5 million patients who have been to their 209 hospitals.
The company believes they were attacked by a group out of China during the months of April and June. Right now, they aren’t sure what the hackers want with the information but they know that non-medical patient information was stolen, like birth dates, names, addresses, social security numbers and telephone numbers.
VentureBeat reports the hackers used a method called a persistent threat technology to execute the hacks, meaning it was a continuous “series of hacking processes.” A malware then made its way through Community Health Systems networks and transferred the information out. In the SEC filing, it notes that the hackers bypassed website security
After discovering the attacks, the company hired security company Mandiant and has since removed the malware from its system. According to the filing, the federal government as well as Mandiant believe that these hackers could be related to another hacking incident last year from a Chinese group. The group, called 61398, could be responsible for 141 other cases in Canada and the United States. However, five hackers associated with that group were criminally indicted by the U.S. Department of Justice for their participation in the attacks, so this data breach could be from a completely unrelated group.
Now the company’s next move is to contact anyone who might be affected and to offer identity theft protection services.