CHS Hacked, 4.5M Patient Records Compromised

John Commins, August 18, 2014

The data affected was non-medical patient identification data related to Community Health Systems' physician practice operations and does not include patient credit card, medical, or clinical information, CHS says.

Community Health Systems Inc. said Monday that its computer network was "the target of an external criminal cyberattack" between April and June that may have compromised the personal data of 4.5 million patients.

"The Company and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an "advanced persistent threat" group originating from China who used highly sophisticated malware and technology to attack the Company's systems," Franklin, TN-based CHS said in a Form 8-K filing Monday with the Securities and Exchange Commission.

"The Company has been informed by federal authorities and Mandiant that this intruder has typically sought valuable intellectual property, such as medical device and equipment development data."

"However, in this instance, the data transferred was non-medical patient identification data related to the Company's physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the Company."

John Commins

John Commins is a senior editor at HealthLeaders Media.

Facebook icon
LinkedIn icon
Twitter icon