On Monday, Community Health Systems (CHS), which runs 206 affiliated hospitals across the U.S., announced that hackers from China had broken into its computer network and stole data on about 4.5 million patients. They believe that the cyber attacks occurred in April and June of this year.

CHS' forensic expert, Mandiant, conducted a thorough investigation and believes that the perpetrator is an "advanced persistent threat" group from China that has very sophisticated malware and technology, according to a report.

The group bypassed CHS' security measures and copied and transferred the patient data. The data did not include credit card, medical or clinical information but it did include the patients' names, addresses, birth dates, telephone numbers and social security numbers.

However, the federal authorities and Mandiant told CHS that the attackers typically go after medical device and equipment development data.

CHS already removed the malware from their systems and has implemented other remediation efforts to prevent the breach from happening again. They are now working with federal law enforcement authorities on their investigation into the incident and to potentially prosecute the attackers.

They are also notifying the affected patients and regulatory agencies and will be offering identity theft protection services. Even though they were hit with remediation expenses, regulatory inquiries and litigation, they don't expect the incident to negatively impact their business or financial results.

DOTmed News contacted CHS but they did not immediately respond.

David Whitney, a senior consultant at Ascendian Healthcare Consulting, told DOTmed News that the breach happened because there was a "well-known flaw" with the security software platform that CHS ran. The flaw enabled the hackers to create a hole in the security perimeter.

But he said that the breach could have been avoided. "It could have been prevented and that's a matter of compliancy and protocol that is put in place if you're a security department at a hospital," he said.

Data security breaches in hospitals are a major problem in the U.S. A study from the Ponemon Institute conducted a few years ago found that 94 percent of health care organizations had at least one data breach over a two year span.

Whitney said that it's only going to get worse now that the industry is moving towards cloud-based applications and information exchanges. "That's basically making that data accessible from anywhere at any time," he said.

But many of the software vendors are taking action to curb this problem. "The actual software vendors that are creating these software applications are taking much more consideration in how these potential holes are addressed up front," said Whitney.

More Industry Headlines