Hackers steal HIPAA-protected info of 4.5 million people from hospital network

Share this article:


Long-term care and other provider types already have been on the alert for large-scale computer breaches, and their concerns likely will be stoked by news that one of the nation's largest hospital organizations has been hacked. The personal information of about 4.5 million patients was compromised in the cyber-attack, Community Health Systems announced in a regulatory filing Monday.

The infiltrations took place in April and June, CHS believes. It engaged a forensic expert, Mandiant, which believes the attack was launched from China. The hackers apparently used sophisticated malware usually used to steal intellectual property, such as medical device development information. The attack did not compromise this type of data, but did breach confidential patient information protected by the Health Insurance Portability and Accountability Act, CHS stated.

The information did not include credit card or medical data, but did include names, addresses, birth dates and Social Security numbers, according to the hospital group.

CHS says it has removed the malware and reported the breach to authorities. It is working with federal investigators and will offer identity theft protection services to affected individuals. The breach could lead to “remediation expenses, regulatory inquiries, litigation and other liabilities,” but is not likely to have a “material adverse effect” on the business or its financial results, according to the Form 8-K filing.

CHS has 206 affiliated hospitals in 29 states. It recently was in the news for an unrelated matter, after it reached a $98 million settlement with the federal government over allegations that it increased reimbursements by admitting people as inpatients rather than keeping them in observation status.
Share this article:

More in News

Bulk of Medicaid to be managed care in two years: Avalere

Bulk of Medicaid to be managed care in ...

More than three-quarters of Medicaid beneficiaries will be enrolled in a managed care plan as of 2016, according to an Avalere Health analysis released Thursday. The numbers reveal that managed ...

Nursing home asked for employee's personal information too often, jury rules

The human resources department of a Maine nursing home did not properly protect a former employee's personal identification information, a jury recently ruled.

Test could confirm sepsis within an hour

Nursing home residents might benefit from a new way of diagnosing and treating sepsis made possible by discoveries out of the University of British Columbia.