What You Should Know about the [Potential Health Data Breach]
The Department of Homeland Security recently became aware that [Community Health Systems] suffered a data breach as a result from an external cyber-attack, known as an Advanced Persistent Threat (APT). APTs are sophisticated, long-term attacks usually targeting a specific company or entity. [Community Health Systems] believes that these may have compromised the personal information of 4.5 million patients. The compromised information includes patient names, birth dates, addresses, telephone numbers, and social security numbers. The information does not include personal medical information or credit card numbers. [Community Health Systems] is working with a third party security vendor to lessen the effects of the breach, and will notify affected patients and offer identity theft protection services to affected individuals.
Unfortunately the health sector – which possesses a lot of intellectual property data and personally identifiable information – is a common target for cyber criminals. The Department of Homeland Security is working with the FBI and the Department of Health and Human Services to assist in sharing specific vulnerabilities and mitigations with the healthcare industry to prevent additional breaches from occurring.
Tips for Consumers
If you are a patient with [Community Health Systems], look for notification from the company on whether you were affected, and additional information on identity theft protection services.
If you believe you may have been a victim of this data breach or other Internet crimes, US-CERT recommends that you file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center at http://www.ic3.gov.
Cyber criminals can use personal information, such as the types of information compromised in this attack, to steal people’s identities and access their banking, shopping, social media, and other personal accounts. To protect yourself, practice safe online behavior and follow these cyber hygiene tips from the DHS Stop.Think.Connect. ™ Campaign:
- Choose strong passwords and change them often. A strong password uses a combination of letters, numbers, and symbols (when allowed) and does not include a person’s name or other commonly known information such as their children or pet’s names.
- Do not use the same password for multiple accounts.
- Criminals will often use high profile incidents like this data breach to conduct scams such as fake identity theft services or using personal information to pretend to be a legitimate company. Be aware of possible phishing attempts. If you receive an email prompting you to change your account password claiming to be from your email provider, bank, or another website you frequently make sure the email is legitimate. To be safe, go directly to websites to change your password, and type the link yourself rather than clicking on links embedded in emails.
- Be on the lookout for other people accessing your personal accounts. Monitor email and social media accounts for suspicious messages or messages appearing from you, but that you did not send. Monitor bank and credit card accounts for unauthorized charges.
- Request a free credit report to ensure no unauthorized accounts have been opened in your name.
- Small and medium sized businesses, such as medical care providers, may have been affected by this breach as well. All businesses, regardless of size, should examine their current cybersecurity practices and work to improve the safety of their data. DHS has many resources to help businesses assess and improve their cybersecurity. More information can be found via the DHS Critical Infrastructure Cyber Community (C3) Voluntary Program at https://www.us-cert.gov/ccubedvp/getting-started-business.
The Stop.Think.Connect.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. For more cyber resources and tips, please visit www.dhs.gov/stopthinkconnect.
Think about how many times you have gone online in the past week. What did you do while online? Check your email? Track your finances? Share pictures and videos? The Internet today has become an invaluable resource in both our professional and personal lives. However, as technology advances, so do the techniques cybercriminals use to gain access to our computer networks. If each of us becomes more aware of cybersecurity risks and implements a few simple steps, we can all make a big difference. Below find resources to help you get started.
The Stop.Think.Connect. Toolkit provides tools to host your own cybersecurity awareness discussion or activity. Download the Toolkit materials that are right for you.
Get tips on how to protect yourself, your families, and members of your community against potential cyber threats. Read our cyber tips.
View informational and educational videos from the Stop.Think.Connect. Campaign and its partners.
Multilingual Resources Stop.Think.Connect. resources have been translated into several languages. Check out our multilingual resources here.
The Campaign is partnering with a number of organizations to help keep you and your family safe. See our list of recommended additional resources.