A large health system has reported a cyberattack affecting nearly 4.5 million people, according to a recent SEC regulatory filing issued by the system. Hackers allegedly accessed the system’s computer network and stole information of patients who were referred for or received services from the system in the past five years.
It’s believed that the hacker group is located in China and intended to access “intellectual property, such as medical device and equipment development data” but instead accessed patient identification data. They believe the attack occurred in April and June. Stolen data include names, addresses, birth dates, telephone numbers and Social Security numbers. No financial or clinical information was accessed, according to the filing.
As more and more providers convert to electronic medical records the threat of such attacks grows daily. The hackers described above may have been looking for medical device data but the information they have may be just as valuable if it falls into the wrong hands. Having access to full demographic data – name, social, address, etc… – is a big deal and worth a lot of money on the open market. Hopefully the identity of those affected won’t be stolen or compromised but I’m guessing there are 4.5 million people paying close attention to their credit report.