Welcome to the Business Journal Archives
Search for articles below, or continue to the all new BusinessJournalDaily.com now.
Search
Hackers Steal Data from Community Health Systems
YOUNGSTOWN, Ohio – Community Health Systems Inc., which operates four hospitals in the Mahoning and Shenango valleys, announced this morning that it was the victim of a data breach targeting nonmedical patient identification data.
CHS, based in Franklin, Tenn., confirms that its computer network had been hit in April and June, the company reported in a filing today with the U.S. Securities and Exchange Commission. CHS operates ValleyCare Health System of Ohio, which operates three hospitals in Mahoning and Trumbull counties, and Sharon Regional Health System in Sharon, Pa.
The company and its forensic expert, Mandiant, a FireEye company, “believes the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack” its systems, bypassing its security measures and copying and transferring “certain data outside the company,” according to the SEC filing.
The transferred data was non-medical patient identification data -- including patient names, addresses, birthdates, telephone numbers and Social Security numbers -- related to CHS’ physician practice operations. The breach affects approximately 4.5 million individuals who, during the past five years, were referred for or received services from physicians affiliated with CHS.
The affected data did not include patient credit card, medical or clinical information, CHS said.
A spokesman for ValleyCare of Ohio had not responded to requests for information on if and how many area residents are affected by the data breach.
CHS said it learned of the attack in July and has since worked with federal law enforcement authorities in connection with their investigation and possible prosecution of the parties determined to be responsible for the attack. In addition, it is providing “appropriate notification to affected patients and regulatory agencies as required by federal and state law” and will offer identity theft protection services to individuals affected by the attack.
“While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, [CHS] does not believe this incident will have a material adverse effect on its business or financial results,” the company said in its SEC filing.
Published by The Business Journal, Youngstown, Ohio.
CLICK HERE to subscribe to our twice-monthly print edition and to our free daily email headlines.