
Healthcare provider hit by advanced persistent threat: Protecting client information

  • Posted on: September 13, 2014
  • Posted in: Current News, Industry News, Vulnerabilities & Exploits
  • Posted by: Trend Micro

In mid-August, healthcare provider Community Health Systems announced that its computer system had fallen victim to an attack. The security incident, which took place in April and June, was an external criminal infiltration by an advanced persistent threat group based in China, The Wall Street Journal reported.

Community Health Systems, which operates 206 hospitals across 29 states, consulted cybersecurity firm Mandiant after discovering the attack. The data protection company determined that the likely cause of the attack was the advanced persistent threat organization. The group reportedly leveraged a considerably sophisticated malware sample to breach the healthcare provider’s internal systems.

The infection allowed hackers to sidestep all security measures present on Community Health Systems’ infrastructure, enabling them to copy and transmit sensitive information to an outside receiver. The data compromised in the attack includes the names, addresses, birthdates, phone numbers and Social Security numbers of the hospitals’ patients. While no financial information was breached, the details transmitted by hackers are more than enough to commit a whole host of fraudulent activities, including those connected with identity theft.

“Anytime you have Social Security numbers flying around, that’s never a good thing,” noted Blake Wiedman of The Crichton Group. “That’s one of the most severe losses.”

All told, cybercriminals were able to access the information of an untold number of patients, all of whom received treatment from Community Health Systems or were referred there in the past five years, according to HealthIT Security.

HIPAA violation requires mass notification
Although details are still emerging and officials are unsure of just how many patients’ information was breached, HealthIT Security noted that the incident constitutes a violation of HIPAA, the Health Insurance Portability and Accountability Act. Therefore, Community Health Systems was required to notify all of its patients – 4.5 million of them.

Research of the Office for Civil Rights breach database found that the Community Health Systems incident was the second largest HIPAA breach ever. The Nashville Business Journal noted that it is second only to the 2011 breach of Tricare Management Activity, which impacted 4.9 million people.

Advanced persistent threat group
HealthIT Security noted that once the advanced persistent threat group’s malware was discovered, Community Health Systems took steps to immediately remove it from its network. The healthcare provider’s third-party security firm noted that previously, the APT organization also sought to steal other intellectual property, including data connected with medical devices. Thankfully, this information wasn’t breached during the attack.

According to Symantec, advanced persistent threats utilize a typical set of phases to infiltrate a network, prevent being detected and take as much information as possible over a long period of time. These steps include:

  1. Reconnaissance: In the first phase, hackers gather information to better understand their target.
  2. Incursion: Next, the attackers penetrate the target network through specialized malware delivered via social engineering to certain exploitable systems or employees.
  3. Discovery: After breaking in, the goal of an advanced persistent threat is to remain within the system undetected for as long as possible. Once they’ve infiltrated the system, these threats leverage several parallel kill chains to prevent being uncovered.
  4. Capture: At this point, cyberthieves utilize their undetected position to actually steal the information they are after. Attackers also might deploy additional malware to make off with sensitive company data and interrupt business processes.
  5. Exfiltration: Once the targeted data is captured, hackers transmit the details outside the organization to a location under their control.

According to Trend Micro and ISACA’s Advanced Persistent Threat Awareness report, while APTs were once thought to only attack federal organizations, breaches in other sectors have demonstrated that this is a large-scale issue that can impact a number of different sectors. Furthermore, although 53.4 percent of businesses don’t think APTs differ from conventional system security risks, 63 percent noted that it is only a matter of time before their organization falls victim to an APT attack.

Protecting data from advanced persistent threats
There are certain strategies organizations can leverage to prevent being targeted by an advanced persistent threat. The Trend Micro survey found that right now, almost 60 percent of companies believe they are prepared to deal with an APT attack due to the security measures they have in place. These can include a range of protections, but the majority of businesses leverage monitoring systems, anti-virus and anti-malware software, network technologies like firewalls, and sandboxes. In addition, many organizations also have safety protocols in place to prevent APT intrusion from mobile locations, including endpoint controls, remote access technology, mobile anti-virus and mobile security gateways. Additional controls like network segregation and more focus on email security and user training are also helpful, Trend Micro noted.

Overall, being aware of the risk advanced persistent threats can pose bolsters the ability to prevent such attacks.

“[APTs] are different from traditional threats and need to be considered as a different class of threat,” the Trend Micro ISACA report stated.
