Re/code points to a recent SEC filing from the hospital chain, in which it reveals that it learned in July that its computer network “was the target of an external, criminal cyber attack” that lasted from April to June 2014.
CHS states that the believed source of the hack is an “Advanced Persistent Threat” group from China that was “able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company.”
The bad news is that the hack compromised “non-medical patient identification data” for around 4.5 million patients who visited the hospitals or one of its affiliated doctors during the the last five years. Data stolen in the hack included patient names, addresses, birth dates, telephone numbers and Social Security numbers
The not-horrible news is that CHS says it has confirmed the stolen data did not include credit card, medical or clinical information.
CHS says it will be offering identity theft protection services to individuals affected by the attack.