You’d expect your information to be secure with a health provider — but you might be wrong. Community Health Systems (CHS) reports they’ve had roughly 4.5 million patients who have had their information compromised. Though personal data was obtained in the hack, no medical records were accessed.
Community Health Systems revealed the breach in a regulatory filing today, saying that “patient names, addresses, birth dates, telephone numbers and social security numbers” were obtained, but not “medical or clinical information”. Community Health says they’ll reach out to patients who have had their data compromised.
It’s believed the hack originated in China, but that’s yet to be confirmed.
It’s not the first time Chinese hackers have been found or accused of pinching data. It’s the first time we’ve heard of any Chinese hackers targeting a health care provider, though.
The FBI says they’re working with CHS, and are “committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators”. CHS has also hired cyber-security firm Mandiant to consult with the FBI as needed.
It’s believed the hackers have previously been targeting info on medical devices, not personal data. This would represent the first time they would have accessed personal data, which is protected by HIPAA laws. Those privacy laws mean anyone affected could sue CHS, so this breach could have a legal ripple effect.