[ISN] Community Health Systems Says It Suffered Criminal Cyberattack

http://online.wsj.com/articles/community-health-systems-says-its-suffered-criminal-cyberattack-1408365259 By ERIN MCCARTHY The Wall Street Journal Aug. 18, 2014 Community Health Systems Inc. CYH +1.29% said Monday that its computer network was a target of an external criminal cyberattack in April and June that affected data related to some 4.5 million individuals. The rural hospital operator and cybersecurity firm Mandiant believe the attacker was an “Advanced Persistent Threat” group originating from China, it said. The attacker, which used highly sophisticated malware and technology to attack the company’s systems, was able to bypass Community Health Systems’ security measures and to successfully copy and transfer certain data outside the company, it said. The company said it is notifying affected patients and regulatory agencies as required by law. The data transferred, which was nonmedical patient-identification data related to the company’s physician-practice operations, affected about 4.5 million individuals who were referred for or received services from company-affiliated physicians during the past five years. The data includes patient names, addresses, birth dates, telephone numbers and Social Security numbers, but not patient credit-card, medical or clinical information. Community Health Systems said it would offer identity-theft protection services to those affected by the attack. The intruder has typically sought valuable intellectual property, such as medical-device and equipment-development data, according to federal authorities and Mandiant, Community Health Systems said. […]