Community Health Systems face cyberattack


August 19, 2014 at 12:00a.m.

Staff/wire report

FRANKLIN, Tenn.

Hospital operator Community Health Systems said a cyberattack took information on more than 4 million patients from its computer network earlier this year.

Hospitals operated by Community Health Systems include ValleyCare Health System of Ohio. Facilities in the system are Trumbull Memorial Hospital in Warren, Northside Medical Center in Youngstown, Hillside Rehabilitation Hospital in Howland and Sharon Regional Health System in Sharon, Pa.

The Franklin, Tenn., company said Monday that no medical or credit-card records were taken in the attack, which may have happened in April and June. But Community said the attack did bypass its security systems to take patient names, addresses, birthdates, and phone and Social Security numbers.

A statement released by ValleyCare and Sharon Regional said some patients who were seen at physician practices or clinics connected to ValleyCare in the past five years had limited personal identification “transferred out of our organization.”

“We take very seriously the security and confidentiality of private patient information, and we sincerely regret any concern or inconvenience to patients,” the statement said. “Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity-theft protection.”

The hospital operator said it believes the attack came from a group in China that used sophisticated malware and technology to get the information. Community Health has since removed the malware from its system and finalized “other remediation efforts” to prevent attacks.

A spokeswoman did not immediately respond to a request from The Associated Press seeking comment on the attacks.

The information that was taken came from patients who were referred to or received care from doctors tied to the company over the past five years.

Community Health Systems Inc. is notifying patients affected by the attack and offering them identity-theft protection services. The company owns, leases or operates 206 hospitals in 29 states.

The attack follows other high-profile data security problems that have hit retailers such as the e-commerce site eBay and Target Corp. Last year, hackers stole from Target about 40 million debit and credit-card numbers and personal information for 70 million people.

Shares of Community Health climbed 38 cents to $51.38 late Monday morning, while broader trading indexes also rose less than 1 percent.