Military equipment and private-sector trade secrets are well-known targets of China’s state-sponsored cyber espionage program. But there’s now a new target for an elite Chinese hacking outfit known as “APT 18” or, more colorfully, “Dynamite Panda”: U.S. personal medical records.
This week, the medical firm Community Health Systems revealed the personal data of 4.5 million of its patients was stolen by the Chinese hacking group earlier this year. The hospital group is among the largest in the US, with 206 facilities spread across 29 states.
Michael Riley, who covers cybersecurity for Bloomberg News, said the government-sponsored hackers stole the names, addresses, birthdates and Social Security numbers of Community Health System’s patients. He added the attack highlights the security vulnerabilities endemic to hospitals across the country, including the long-term susceptibility of digital medical records.
“I think [hospitals] are realizing that they are certainly a target for cyber espionage and from very sophisticated hackers,” Riley said, adding that cyber-attacks against hospitals have increased dramatically over the last year.
The motive behind the medical records breach remains unclear, Riley said, adding the attack is “out of character” for this particular hacking outfit.
One theory is that rogue members of the “Dynamite Panda” cyber unit used their abilities to obtain the personal information to sell it on the black market — typically the domain of eastern European cyber thieves — without approval from their superiors. The medical documents in question could be very valuable, Riley added, because they contain enough information to apply for new credit cards or open online retail accounts.
“If that’s the case — that a Chinese cyber spy also has a gig on the side — then those 4.5 million people should definitely be concerned about identity theft,” Riley said.
It’s also conceivable the hackers sought to steal all the data they could from Community Health's Systems databases, and simply ended up with the personal data. They may not have any intention to sell or use it, Riley said.
Additionally, the information may be used for adding supplementary data to the profiles of existing targets of the Chinese government.