Huge Hacking Breach at Community Health Systems

Community Health Systems, which owns, manages or leases 206 hospitals in 29 states, has been hacked with protected health information covering 4.5 million patients compromised.


Community Health Systems, which owns, manages or leases 206 hospitals in 29 states, has been hacked with protected health information covering 4.5 million patients compromised.

The Franklin, Tenn.-based company will be offering affected patients identity theft protection services, it disclosed in an August 18 filing with the Securities and Exchange Commission. The hackers, believed to be operating out of China, copied and transferred non-medical patient identification data from physician practice operations that included names, addresses, birthdates, telephone numbers and Social Security numbers.

CHS has not yet placed a prominent notice on its Web site or issued media notifications as required under the HIPAA breach notification rule; those actions likely will come soon. Notification to the SEC is required because the hacking is a material event, but CHS in the filing says it carries cyber/privacy liability insurance and “does not believe this incident will have a material adverse effect on its business or financial results.”

CHS in the report to the SEC says it confirmed in July the hacking of its computer network as an external criminal cyber attack that it believes occurred in April and June 2014. “Immediately prior to the filing of this report, the company completed eradication of the malware from its systems and finalized the implementation of other remediation efforts that are designed to protect against future intrusions of this type.”

CHS contracted with forensics firm Mandiant to investigate the breach and assist with remediation activities. A spokesperson for CHS did not immediately respond to a request for additional information; it should be noted that the organization is receiving many such requests today.

More for you

Loading data for hdm_tax_topic #reducing-cost...