Health System Reports Cyber Attack, Breach of Nonmedical Patient Information
August 20, 2014 | Risk Management News
A Tennessee-based healthcare system has notified the U.S. Securities and Exchange Commission that its computer network was the target of a criminal cyber attack that occurred between April and June 2014. The organization's forensic experts believe that the attacker was part of an advanced persistent threat group operating from China, which previously sought valuable intellectual property, such as medical device and equipment development data. In this breach, the attacker successfully bypassed the healthcare system's security measures and copied nonmedical patient identification data related to physician practice operations affecting approximately 4.5 million individuals.