Medical Records Thieves: Are We Better Off Than We Used to be?

You may – or may not – even be aware that Chinese hackers have been stealing prescription drug formulas, medical device blueprints and lots of other highly valuable intellectual property from large health-care companies.

You may – or may not – know they have already stolen 4,500,000 patient medical records.

The appalling extent of the data breach became known in the summer of 2014, when Community Health Systems, a Franklin, Tennessee-based hospital chain, disclosed an extensive breach in which private patient information had been stolen for at least five years. Patient names, addresses, birthdates and Social Security numbers were routinely being stolen electronically, without the hospital management company’s computer people even being aware of the theft. Community Health Systems hired a security firm to investigate. And that firm – FireEye’s Mandiant division – has reported to the U.S. government that the hackers responsible are in China.

“We have tracked this group for the past four years and internally refer to them as APT 18,” said Charles Carmakal, managing director of Mandiant, in an e-mail. “This group typically targets companies in the aerospace and defense, construction and engineering, technology, financial services, and health-care industry verticals.”

Security experts report that it is unusual for corporate secret thieves to pay any attention at all to personal data – which is typically the focus of Eastern European cyber-crime rings. But it’s happening now.

The Reasons

Experts believe it is possible the Chinese hackers simply downloaded everything they could from Community Health’s electronic files and ended up with a ton of personal data, with no plan to do anything with it.

Other security professionals say a more likely theory is that rogue members of the Chinese criminal group, tempted by the money they could make, stole the data to sell it on the black market, in actions not known by their superiors.

U.S. law enforcement has been tracking the Chinese electronic data thieves for several years, and they say this is the first time the thieves have deviated from industrial espionage to personal information. They believe the thieves are a different group than the Shanghai-based People’s Liberation Army Unit 61398, whose members were charged last May by the U.S. Justice Department with stealing industrial business secrets from corporate giants U.S. Steel and Alcoa.

The FBI said in a statement that it is working with Community Health to investigate the patient information theft.

“We understand the significance of this and other recently announced cyber intrusions by state actors and other cyber criminals and are committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators,” the agency said.

Why Steal Patient Medical Files?

Medical records are most coveted – oddly – for the non-medical information they contain. They are an extremely valuable commodity. They expose all kinds of personal information needed to open lines of credit and receive services in victims’ names. So hackers are more interested in attacking the medical sector than ever before. And what patients don’t realize is that – compared to other types of businesses – hospitals and clinics are often far, far behind when it comes to data protection systems.

For the past 2 years, Dell’s SecureWorks has responded to multiple intrusions by a hacking group targeting health-care and pharmaceutical companies, according to the company. The group uses phishing e-mails and has even gained physical access to computers to infect target companies.

For investigators, it’s often not hard to determine hackers’ motivations, but it is hard to figure out their identities. In this case, it’s the other way around.

You know, old-school paper medical records? Remember them? They just never seemed to have these problems.

So are we really better off now?


