Where you treated at a hospital in the US, particularly a rural US hospital between April and June 2014? Watch your back, because hackers half way around the world know what ails you.
Community Health Systems had over 4.5 million patients’ hospital records hacked. This hacking has hit 29 states. Most of those compromised were in the rural areas in the American South and Midwest, though Pennsylvania was hit pretty hard. They claimed in a report to the US government the culprits were part of a hacking group from China, and it is an ‘Advanced Persistent Threat’. No motive is yet known. Here is where it gets interesting. A security company called Mandiant used a phrase ‘Advanced Persistent Threat’ to describe a Chinese Army unit hacking networks throughout the Western nations. Community Health Systems hired Mandiant to investigate this. As of this blog, it’s unclear Mandiant believes or not the Chinese Army had anything to do with this hacking. I just think it’s ironic how things come in circle like this.
As expected, China denies ever having a part in this. But this hacking dispute between China and the US has become disturbingly common in the past several years. One nation has accused the other of hacking something, whether it be military secrets or hospital records or bank codes. It sounds like this is pretty early in the investigation. It almost sounds like what Community Health Systems said vs. what Mandiant says vs. what the Chinese government says. But the Chinese Army isn’t the only suspect here. What if it’s some cyber crime rink in this country trying to get IDs to sale for $10 a pop? What if it’s a rival medical company whose behind this? What if it’s a disgruntle patient or former employee who was done wrong in some way and considers this revenge?