Aug. 19--SAN ANGELO, Texas -- A cyberattack reported late Monday by Community Health Systems nationwide might affect Concho Valley residents who have received services at San Angelo Community Medical Associates and MediCenter-West in the past five years.
"The transferred information did not include any medical information or credit card information," Sheryl Pfluger, medical center business development and marketing director, said in a written statement.
The security breach involved names, addresses, birth dates, telephone numbers and Social Security numbers, Pfluger said.
Community Health Systems said in a news release the foreign-originating cyberattack took information on more than 4 million patients nationwide from the company's computer network in April and June 2014. "We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause for our patients," Pfluger said. "Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."
Pfluger said that Community Health Systems believes the intruder was likely looking for intellectual property.
"The intruder used highly sophisticated methods to bypass security systems," she said. "The intruder (malware) has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack."
The Franklin, Tennessee, company owns, leases or operates 206 hospitals in 29 states, including San Angelo Community Medical Center as well as other Texas facilities in Abilene, Big Spring, Brownwood and elsewhere in the state.
In its report to the U.S. Security and Exchange Commission on Monday, Community Health Systems stated it "believes the attacker was an 'advanced persistent threat' group originating from China who used highly sophisticated malware and technology to attack the company's systems."
Symantec security systems defines this on its website:
"An advanced persistent threat (APT) uses multiple phases to break into a network, avoid detection, and harvest valuable information over the long term." Five phases are involved -- reconnaissance, incursion, discovery, capture and exfiltration. Malware is installed and used at the information capture stage.
Community Health reported it has removed the malware from its system and finalized "other remediation efforts" to prevent future attacks.
The attack follows other high-profile data security problems that have hit retailers like Target and the e-commerce site eBay. Last year hackers stole about 40 million debit and credit card numbers and personal information for 70 million people from Target. "Many American companies and organizations have been victimized by foreign-based cyberintrusions," Pfluger said. "It is up to the federal government to create a national cyberdefense that can prevent this type of criminal invasion from happening in the future."
This article contains material from The Associated Press.
(c)2014 San Angelo Standard-Times (San Angelo, Texas)
Visit the San Angelo Standard-Times (San Angelo, Texas) at www.gosanangelo.com
Distributed by MCT Information Services