About 4.5 million patients have been affected by a data breach at hospital operator Community Health Systems after its computers systems were hacked sometime between April and June.
The US-based company says that the compromised data includes names, addresses, dates of birth, social security numbers and phone numbers. Community Health Systems has stated that no medical information or credit card numbers were affected.
The far reaching hack has implications for any patient that received treatment from, or was referred to, doctors and hospital staff working with the company over the last five years, reports Reuters.
Mandiant, a FireEye company that provides cybersecurity services for Community Health Systems, says it believes the attacks originated in China from an “Advanced Persistent Threat” group.
“The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company,” says Community Health, which operates more than 200 hospitals in 29 states.
The hospital company says it now contacting those affected, as it is compelled to by law in its regulatory filing, where it says it has been working closely with federal law enforcement since learning of the attack.
It also states in the filing:
“Immediately prior to the filing of this Report, the Company completed eradication of the malware from its systems and finalized the implementation of other remediation efforts that are designed to protect against future intrusions of this type.”
“While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time,” the filing continues, “the Company does not believe this incident will have a material adverse effect on its business or financial results.”
It goes on to say that it will offer identity protection services to all those affected.
Neither the company nor Mandiant has provided any further comment at this time.
The breach follows a warning issued by the FBI back in April that healthcare systems were poor and vulnerable to cyber-attacks, which could lead to accessing bank accounts and clinical data.