New York: 02:30 || London: 07:30 || Mumbai: 11:00 || Singapore: 13:30

Reports US

US stock market daily report (August 18, 2014, Monday)

August 19, 2014, Tuesday, 05:22 GMT | 00:22 EST | 08:52 IST | 11:22 SGT
Contributed by Millennium Traders

A cyber attack from China is blamed for the theft of Social Security numbers, patient names, addresses, birth dates and telephone numbers of 4.5 million patients of one of the largest hospital groups in the USA, the Community Health Systems, Inc. (CYH-NYSE). The security breach was at the hands of "APT 18", which may have links to the Chinese government, per security experts. In a regulatory filing, Community Health reported the information stolen belonged to patients who were referred to or received services from doctors affiliated with the hospital group over the past five years. The breach did not include medical or clinical information, credit card numbers or any intellectual property such as data on medical device development.

The U.S. Department of Health and Human Services began tracking security breaches in 2009 and this attack is the largest of its type involving patient information. Community Health has 206 hospitals in 29 states.

FireEye, Inc. (FEYE-Nasdaq) Mandiant forensics unit led the investigation of the attack on Community Health in April and June. Managing director with FireEye Charles Carmakal said that "APT 18" typically targets companies in the aerospace, defense, construction, engineering, technology, financial services as well as, the healthcare industry. Carmakal said, "They have fairly advanced techniques for breaking into organizations as well as maintaining access for fairly long periods of times without getting detected," he said. The FBI warned the healthcare industry in April that its protections were lax compared with other sectors, making it vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions.

Mandiant, who monitors nearly 20 hacking groups in China, has seen a spike in cyber attacks on healthcare providers over the past six months. According to Carmakal, this was the first case it had seen in which a sophisticated Chinese group has stolen personal data. Chinese hacking groups are known for seeking intellectual property such as product design as well as information that may be of use in business or political negotiations. Social Security numbers and other personal data are typically sold on underground exchanges for use by others in identity theft.

Community Health said it has removed malicious software used by the attackers from its systems and completed other remediation steps. As required by law, CYH is in the process of notifying patients and regulatory agencies of the security breach.