Hackers Steal Info For 4.5 Million Hospital Patients

The new week begins much like the previous week ended — with news of another massive data breach. The latest hack victims are the millions of patients of Community Health Systems, which operates more than 200 hospitals in 29 states.

Re/code points to a recent SEC filing from the hospital chain, in which it reveals that it learned in July that its computer network “was the target of an external, criminal cyber attack” that lasted from April to June 2014.

CHS states that the believed source of the hack is an “Advanced Persistent Threat” group from China that was “able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company.”

The bad news is that the hack compromised “non-medical patient identification data” for around 4.5 million patients who visited the hospitals or one of its affiliated doctors during the the last five years. Data stolen in the hack included patient names, addresses, birth dates, telephone numbers and Social Security numbers

The not-horrible news is that CHS says it has confirmed the stolen data did not include credit card, medical or clinical information.

CHS says it will be offering identity theft protection services to individuals affected by the attack.

Read Comments3

Edit Your Comment

  1. Xenotaku says:

    Dear CHS. Thank you for notifying me that my information has been compromised. Oh wait.

  2. Mokona512 says:

    The identity theft protection does not work when it is offered fora limited time as the attackers will simply wait.

    Many of these companies use bad security by not encrypting the data properly, and when an issue happen, they feel that just giving everyone a year of ID theft protection will fix everything. The law should at least require them to pay for ID theft protection for the life of the customer.

  3. Raekwon says:

    I got notified about this. From the letter I got it said something about the breach being done on a server that was being tested and had some real patient info put on it for testing purposes. I should go find that letter if Consumerist doesn’t already have a copy of it.