Morning Security Brief: Patient Data of 4.5 Million Compromised, EU Privacy Safeguards, Latin American Security, and More

By Holly Gilbert Stowell

► The healthcare information of approximately 4.5 million patients in the United States has been compromised by Chinese hackers, according to a filing on Monday with the U.S. Securities and Exchange Commission (SEC) by a rural health group with several locations across the country. In its filing with the SEC, Community Health Systems, based in Franklin, Tennessee, said the attack happened in June, and that attackers made off with patient information including names, addresses, telephone numbers, birth dates, and social security numbers. Community Health Systems says it believes the attack was carried out by a group of advanced persistent threat actors who may be based in China. The company employed forensic computer experts from Mandiant, who say that the hacking group was able to “bypass the company’s security measures and successfully copy and transfer certain data out of the company.” However, federal authorities told the company that these advanced persistent threat groups typically seek “valuable intellectual property,” such as “medical device and equipment development data from other medical centers,” according to USA Today. However, in this case they were only able to get away with patient identification data “related to the company’s physician practice operations.” The company says it has since purged its system of the malware used to stage the attack.

► The U.S. Center for Digital Democracy (CDD) has filed a complaint at the U.S. Federal Trade Commission (FTC), outlining that the privacy of European Union (EU) citizens whose data is collected by U.S. companies is not being properly protected under a framework designed to safeguard that information. The CDD’s complaint claims that the document, known as the U.S.-EU Safe Harbor, is not protecting the privacy of EU citizens as it promises to do. According to Democratic Media’s website, the FTC filing “calls for an investigation of 30 companies involved in data profiling and online targeting,” all of which track and collect data on consumers for market research. Those entities include data brokers, data management platforms, and mobile marketers who track devices for advertising, including Adobe and CDD’s executive director said in a statement, “The U.S. is failing to keep its privacy promise to Europe… The Big Data-driven companies in our complaint use Safe Harbor as a shield to further their information-gathering practices without serious scrutiny.” 

► Gallup is reporting that citizens of Latin America and the Caribbean feel the least secure in their communities out of all global regions, a trend which has not improved over the last five years. According to the research firm’s website, “ In 2013, the region scored a 56 (on a scale from 0 to 100) on Gallup's Law and Order Index, which is based on confidence in local police, feelings of personal safety, and self-reported incidence of theft.” Those most likely to feel secure globally were Southeast Asia, East Asia, the United States, and Canada. Gallup says that while Latin America and the Caribbean’s security scores have failed to improve, scores have gone up in nations over the last few years in the former Soviet Union, “a region that had a similarly low score as Latin America and the Caribbean in 2009.” Venezuela had the highest index score in the world at 41, which Gallup says is due to a number of factors including a surging murder rate and residents’ lack of confidence in the country’s police force. The highest index scores in the region belong to Nicaragua, Panama, and Chile. 

► In other news, clashes between police and protesters continue in Ferguson, Missouri where law enforcement says protests have turned to riots, including “premeditated criminal acts designed to damage property, hurt people, provoke a response.” ⇒ Dozens of refugees attempting to flee Eastern Ukraine were killed on Monday, including women and children, in an attack on their caravan of vehicles by separatist rebels, ⇒ and a holding facility for Ebola patients waiting for treatment was attacked in Liberia on Saturday, and many infected with the disease fled.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.