Community Health Systems is a network of 206 hospitals in 29 states, and today they’ve announced they were hacked. The hackers, working out of China, managed to get 4.5 million patient records including names, social security numbers, and addresses. CHS is now working with the FBI to identify and arrest the thieves.
The primary concern for victims now appears to be the threat of identity theft since the information taken was patient names, Social Security numbers, dates of birth, and addresses. The CHS.net site currently appears to be down, but the page listing their locations can be found here. There was a snapshot of the page taken on July 1st of this year on the Internet Archive’s Wayback Machine. CHS is liable for the loss of the information under the Health Insurance Portability and Accountability Act that protects patient records. That opens them up to potential lawsuits by patients affected by the data loss.
CHS will be notifying affected patients, but according to CNN, the state requirements for exactly how they’ll be notified vary by region, so that process may be a messy one. The network announced that the hacker malware has since been removed, and their system has been updated to prevent future attacks. They’ve also said they intend to offer identity theft protection to the affected patients, but we were unable to find details of exactly how they plan to do that.