In spring of 2014, Community Health Systems (CHS), an operator of 206 hospitals in the United States experienced a very large breach. The attack lasted for two months from April to June. The attackers are believed to be a foreign group and used a very sophisticated malware to steal information from hospital patients.
Data from 5.4 million patients was stolen including names, dates of birth, social security numbers, addresses, emails and much more.
This data had been sitting in the company systems for the past 5 years. Once the hackers were able to bypass the security systems CHS had in place using this malware, the data was theirs. This sensitive information can be used in a variety of forms when it reaches the wrong hands resulting in major costs for the company.
For CHS, the cost was between $75 and 150 million. These costs included remediation, regulatory fines, litigation, identity theft protection programs and more. A more complex breach prevention strategy and a more efficient response would’ve drastically reduced these costs for CHS. This is an important lesson for companies everywhere who are holding sensitive client information.