Hackers steal info from Trinity

Trinity Hospital says no credit card information accessed

Chinese hackers stole information about patients from clinics and physicians associated with Trinity Hospital of Augusta in April, and again in June, the hospital said in a statement Monday.

Trinity’s parent company, Community Health Systems Inc., said in a filing with the Securities and Exchange Commission that it was “the target of an external, criminal cyber attack” by Chinese hackers that it believes occurred in April and June and affected 4.5 million patients. A statement from Trinity said the theft affected patients who had visited the physicians or clinics within the last five years. The company and Trinity both said it did not include medical or credit card information, but did include other information, such as “names, addresses, birth dates, telephone numbers and Social Security numbers,” according to Trinity’s statement.

“We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients,” according to the Trinity statement. “Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.”

Community said the hackers were “an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the company’s systems,” according to the filing. The malware has been removed and new protections set up, according to the filing. The company is working with federal law enforcement authorities on an investigation and potential prosecution. But the Trinity statement also places some of the blame on the U.S. government.

“Many American companies and organizations have been victimized by foreign-based cyber intrusions. It is up to the federal government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.”

Comments (12)
triscuit
3266
Points
triscuit 08/18/14 - 08:16 pm
9
1

"Though we have no reason to believe that this data would ever be used, all affected patients...."

Why the heck do you think they hacked this info? Of COURSE they want to use it!

bdouglas
5777
Points
bdouglas 08/18/14 - 08:20 pm
10
1

"The company and Trinity both said it did not include medical or credit card information, but did include other information, such as “names, addresses, birth dates, telephone numbers and Social Security numbers,” according to Trinity’s statement."

Who needs credit card information when you have EVERY SINGLE ITEM you need to apply for new credit cards with all of that information. Who needs numbers when you can get a physical card to use all you want?!

Little Lamb
49079
Points
Little Lamb 08/18/14 - 10:00 pm
8
1
Social Security Numbers

I've always been opposed to the use of SSNs for medical records. That number was originally intended for use only for the Social Security Administration. Now, everybody wants your SSN.

nocnoc
49164
Points
nocnoc 08/19/14 - 05:43 am
7
1
Although we are talking a few months of a breach period.

Don't miss the fact we are likely talking YEARS of data.

I was almost shut down giving a speech back in 2000 at TechSec where I pointed out the Chinese were our biggest Hacker threat facing the USA.

You guessed it, a group of Chinese attendees had a fit that I dared blame their country.

welbow
28026
Points
welbow 08/19/14 - 06:06 am
6
1

nocnoc, that's an amusing anecdote given that hard-nosed system/network administration best practice says you block any country from accessing your resources unless you have a business reason not to - that goes double for places like China, Russia and Vietnam. Given all of the network abuse that those countries emanate, it's standard IMO to just block them period.

RE the story, they "take very seriously the security and confidentiality of private patient information." Hopefully, whoever got infected with malware had to take a remedial security awareness course - and they have taken real steps to reduce the chances of this happening again.

corgimom
38454
Points
corgimom 08/19/14 - 08:03 am
4
1

I had a fraud alert placed on my credit cards many years ago. I urge everyone to do the same.

nocnoc
49164
Points
nocnoc 08/19/14 - 09:15 am
4
1
Paid a company for ID Credit theft protection $448 a year

But noticed when buying a house they failed to see the loan apps and other things. So I spoke to a Bank Loan officer and he confirmed what I thought. Just paid the BIG 3 a total of under $30 dollars a year and have them FREEZE your credit history. The Big 3 have to by law tell you when someone tries to access your frozen profile.

BTW: that Major ID protection company still hasn't caught on I moved. So I won't be renewing my subscription.

nocnoc
49164
Points
nocnoc 08/19/14 - 09:37 am
4
2
welbow blocking countries

Yes it helps a little.
But with IP spoofing, ZOMBIE servers being used as go-betweens and a dozen other ways to circumvent data security, it quickly becomes a major problem.

A hospital would have to take all patient data off line and go back to Data terminals instead of shared departmental computing cutting file access to INTERNAL Hospital use only.

An RSA 1024 type Encrypt De-Crypt rotating 1 up key might help a little but then a 30 sec time sync window becomes a nightmare.

All good solutions make it impossible to enact the FEDERAL LAWS requiring E_Scripts and Insurance payments. Once you move a FEDERALLY accepted standard then the hackers only have to hack 1 standard to compromise it all.

In too many cases the hackers become the TRUSTED other side of the connection, there is little IT SECURITY to do except kill the internet.
Do a zero backup reload, apply only authorized updates and hope the Software Coders aren't in China and aren't the ones writing back-doors.

If you ever want a good example how easy it is to circumvent security?
Dig up a program like Wireshark, that allows you to turn your WiFi adapter on in Promiscuous mode.

Then sit there watching all the data flowing around you and keep reminding yourself "I am an Honest person", "I am an Honest person", "I am an Honest person", "I am an Honest person".

nocnoc
49164
Points
nocnoc 08/19/14 - 09:42 am
3
1
My Suggestion to the Hospital

Contract a former X-force member from ISS (Internet Security Systems)
that refused to wear a suit and tie, when IBM bought the company.

But also monitor
http://xforce.iss.net/

corgimom
38454
Points
corgimom 08/19/14 - 12:03 pm
1
1

noc noc, that's what a fraud alert does, too. That ID credit theft protection is a big ripoff.

corgimom
38454
Points
corgimom 08/19/14 - 06:17 pm
0
0

And noc noc- fraud alerts are FREE by Federal law. No charge.

nocnoc
49164
Points
nocnoc 08/20/14 - 08:07 am
0
0
ID theft vs. Credit and Check Fraud

A Fraud Alert was already on our 3 files and did not stop any of our 2010-13 problems.

ID theft marginally helped with another later-on incident in 2013.

But Freezing our files for under $28 has helped deter 2 attempts in the last almost 6 months.

It seems somewhere in the home loan food chain there is a Chinese/Russian leak.

Now I only have to keep up with 3 toll free phone numbers and 3 pass codes.

It has actually kept us from impulsively applying for credit when shopping.
