back to article 'Chinese crims' snatch 4.5 MILLION patient files from US hospitals

One of the largest healthcare providers in the US claims Chinese hackers ran riot through its systems between April and June this year – accessing names, addresses and social security numbers of millions of patients. But Community Health Systems (CHS) insists no medical records nor any financial data were grabbed by the …

  1. Eddy Ito
    Mushroom

    Equine phallus!

    This first bit

    ... accessing names, addresses and social security numbers of millions of patients.

    makes this second bit

    But Community Health Systems (CHS) claims no medical records nor any financial data were grabbed by the miscreants.

    irrelevant. As practiced by most corporate and governmental arsehats these days the keys to the data in the second bit is typically the data of the first bit.

    1. cortland

      Re: Equine phallus!

      They're looking our for their own a*ses; HIPAA violations subject them to FINANCIAL penalties.

      "In 1996, the Health Insurance Portability and Accountability Act or the HIPAA was endorsed by the U.S. Congress. The HIPAA Privacy Rule, also called the Standards for Privacy of Individually Identifiable Health Information, provided the first nationally-recognizable regulations for the use/disclosure of an individual's health information. "

      http://whatishipaa.org/

      http://www.training-hipaa.net/hipaa_resources/Violation_Penalties.htm

      http://compliance.med.nyu.edu/news/documenting-inpatient-admissions

  2. DNTP

    Nice to know that this company protects their commercial intellectual property better than patient data. That's how you tell a company is going places!

    And screw them saying they didn't put people at risk. A SSN and the other bits will be as good as anything for stealing some identities. An outdated number will still be listed in everyone's records everywhere else, so getting a new number won't protect well against fraudsters. But I'm sure the company has no plans to voluntarily compensate people, that would be taking responsibility and these clowns proved they don't have the balls for that.

  3. Doctor Syntax Silver badge

    "We worked quickly"

    April to June is quickly?

    1. Mark 85

      Re: "We worked quickly"

      Ah... yeah... in big healthcare companies it is. Now the real question: what years? April of 2013 to June of 2014? or..????? Yes, I'm cynical as I used to work for a rather large health insurance company.. pffffftttt.

  4. lambda_beta
    Linux

    "Unfortunately, we have joined numerous American companies and institutions who have been victimized by highly sophisticated, criminal cyber-attacks originating out of China"

    That must of taken a dozen PR guys pulling an all nighter to come up with that crap. The wording is amazing:

    - no medical records nor any financial data were grabbed by the miscreants

    - joined numerous American companies

    - victimized

    - highly sophisticated

    - originating out of China

    To whom do these assholes direct this stuff?

    1. Elmer Phud

      "To whom do these assholes direct this stuff?"

      Shareholders -- is there anybody else they actually care about?

      1. Cipher

        Absolutely. The statement that begins with "Importantly" gives a clear indication of what their worry is, it isn't their customers...

    2. Robert Helpmann??
      Childcatcher

      Victimized!

      So they have just failed to protect some of the most sensitive data concerning their customers who pay very real money with the expectation that this company would exercise due diligence in their actions? I would appreciate a statement from the company explaining how it is the victim and not its customers. Obviously, I do not know the details in this or any of the many other similar cases, but given the well known and publicized nature of this threat, it seems reasonable that any such breach should be grounds for a third party or regulatory investigation of negligence.

  5. Anonymous Coward
    Anonymous Coward

    Throw in the towel

    It's utterly hopeless. I do my best to stay away from healthcare IT, and I've still seen some shit. I assume this kind of thing happens all the time and simply isn't detected, especially in CMMS and the other myriad government bureaucracies.

  6. cortland

    Many years ago...

    Americans serving in Vietnam were allowed to mail home postage-free. All we had to do was put our rank, name, unit and APO and POSTAGE FREE on the envelope, appending below our service numbers.

    For a lot of us, that was our Social Security number. It also appeared inside our belts, hats, boots and shoes, and on our duffel's. Ive seen some on second-hand clothing, and footlockers, too.

    1. Cipher

      Re: Many years ago...

      As one of those Americans I would have to say that 45 years ago the ID theft problem was much different than it is today. There was no Interwebz to look things up on...

      An SSN wasn't normally connected to a bank account, drivers license or medical records. In those days the law specified a very narrow range of uses...

    2. lambda_beta
      Linux

      Re: Many years ago...

      Not sure which army you were in, but I served from 1967 to 1970 and my service number was NOT my SS number.

      1. Cipher

        Re: Many years ago...

        Just had a peek at my old dog tags and yes, it is my SSN on there. Check yours...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like