Hackers access information on 4.5 million CHS patients - WFMJ.com News weather sports for Youngstown-Warren Ohio

UPDATED

Hackers access information on 4.5 million CHS patients

Posted: Updated:

A company that operates four Valley hospitals has confirmed that its computer network was the target of an external, criminal cyber attack, exposing information from 4.5-million patients.

According to a document filed with the Securities and Exchange Commission, Community  Health Systems and its forensic expert, Mandiant, believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Company's systems. CHS believes the attack occurred in April and June of this year.

CHS says that the information is non-medical, and does not include credit card information.  However it includes patient names, addresses, birthdates, telephone numbers and social security numbers.

CHS recently took over operations of Sharon Regional Hospital, and is the  parent company of ValleyCare, which operates Northside, Trumbull Memorial Hospital and Hillside Rehabilitation Hospital.

ValleyCare issued a statement Monday afternoon acknowledging  that the data includes some from patients who were seen at physician practices and clinics affiliated with ValleyCare Health System of Ohio over the past five years.


CHS says the attacker was able to bypass the company's security measures and successfully copy and transfer certain data outside the company. Since first learning of this attack, CHS tells federal regulators that it has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack.

The company also engaged Mandiant, which has conducted a thorough investigation of this incident and is advising the company regarding remediation efforts. Immediately prior to the filing of the document with the  SEC,  CHS says it completed eradication of the malware from its systems and finalized the implementation of other remediation efforts that are designed to protect against future intrusions of this type.

The company has been informed by federal authorities and Mandiant that this intruder has typically sought valuable intellectual property, such as medical device and equipment development data. However, in this instance the data transferred was non-medical patient identification data related to the company's physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the company.

The company has confirmed that this data did not include patient credit card, medical or clinical information; the data is, however, considered protected under the Health Insurance Portability and Accountability Act (“HIPAA”) because it includes patient names, addresses, birthdates, telephone numbers and social security numbers.

The company is providing appropriate notification to affected patients and regulatory agencies as required by federal and state law.

The company will also be offering identity theft protection services to individuals affected by this attack. CHS says it carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature.

According to the SEC filing, while this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, the company does not believe this incident will have a material adverse effect on its business or financial results.

  • More From wfmj.comHot ClicksMore>>

  • Trump tells grads 'you don't give up, you don't give in'

    Trump tells grads 'you don't give up, you don't give in'

    Saturday, May 26 2018 9:36 AM EDT2018-05-26 13:36:11 GMT
    President Donald Trump is set to address the 2018 graduates of the United States Naval Academy Friday.More >>
    President Donald Trump is set to address the 2018 graduates of the United States Naval Academy Friday.More >>
  • Authorities: Suspected restaurant gunman had gun license

    Authorities: Suspected restaurant gunman had gun license

    Saturday, May 26 2018 3:56 AM EDT2018-05-26 07:56:45 GMT
    (Bryan Terry/The Oklahoman via AP). Jennifer Stong hugs Tasha Hunt outside the scene of a shooting on the east side of Lake Hefner in Oklahoma City, Thursday, May 24, 2018. Stong was inside the restaurant when the shooting occurred.(Bryan Terry/The Oklahoman via AP). Jennifer Stong hugs Tasha Hunt outside the scene of a shooting on the east side of Lake Hefner in Oklahoma City, Thursday, May 24, 2018. Stong was inside the restaurant when the shooting occurred.
    Police: Man armed with pistol shot and wounded two customers at Oklahoma City restaurant before being shot dead by handgun-carrying civilian in parking lot.More >>
    Police: Man armed with pistol shot and wounded two customers at Oklahoma City restaurant before being shot dead by handgun-carrying civilian in parking lot.More >>
  • Exit polls suggest Irish voters have repealed abortion ban

    Exit polls suggest Irish voters have repealed abortion ban

    Saturday, May 26 2018 2:23 AM EDT2018-05-26 06:23:41 GMT
    (Clodagh Kilcoyne/PA via AP). Presiding officer Carmel McBride looks on as a woman casts her vote in the referendum on the 8th Amendment of the Irish Constitution, on Thursday May 24, 2018, a day early for the people that live off the coast of Donegal ...(Clodagh Kilcoyne/PA via AP). Presiding officer Carmel McBride looks on as a woman casts her vote in the referendum on the 8th Amendment of the Irish Constitution, on Thursday May 24, 2018, a day early for the people that live off the coast of Donegal ...
    Voters throughout Ireland have begun casting votes in a referendum that may lead to a loosening of the country's strict ban on most abortions.More >>
    Voters throughout Ireland have begun casting votes in a referendum that may lead to a loosening of the country's strict ban on most abortions.More >>
Powered by Frankly
All content © Copyright 2000 - 2018 WFMJ. All Rights Reserved. For more information on this site, please read our Privacy Policy and Terms