August 19, 2014

Share Everywhere

Hackers Steal 4.5 Million Patient Records In Massive Data Breach

4.5 million patient records were stolen from Community Health Systems in another massive data breach to hit headlines this year.

Community Health Systems operates 206 hospitals in 29 states with Florida (26), Pennsylvania (20), Tennessee (19), and Texas (18) being the states most affected by the data breach. The hack is believed to have been perpetrated from China by a group that traditionally seeks out intellectual property related to medical device and equipment development data. “The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company,” stated Community Health Systems in its SEC Form 8-K filing.

Stolen Patient Data Protected By Health Insurance Portability And Accountability Act

Any patient who received treatment by or was referred to one of Community Health Systems’ network of affiliated physicians in the last five years is a part of the 4.5 million individuals affected by this massive breach. The hackers stole patient names, addresses, birthdates, telephone numbers, and social security numbers — all personal information protected under the Health Insurance Portability and Accountability Act (HIPPA). The hospital organization further reports medical/clinical information and credit card numbers were not stolen.

Community Health Systems has contracted with Mandiant, its forensic expert, to investigate the crime and give remediation advice. They have also addressed the malaware issue and taken steps to prevent subsequent similar type hacks.

An Alarming Data Breach Trend

This is just another of an alarming number of massive data breaches and security vulnerabilities that have plagued consumers since the beginning of the year. That hackers in the Community Health Systems data breach stole social security numbers with so many other patient data points puts these people at an especially high risk of identity theft, since most of the other information an identity thief would need to open fraudulent accounts was also collected. No need to create a synthetic identity.

We offer detailed advice on the immediate steps you should take if you are a part of this or other similar data breach in our article Breach Notification Tips: Protect Your Good Name. Community Health Systems has taken prudent steps to protect its patients by offering them identity theft protection services.

Don’t wait to become another statistic. Subscribe to an identity monitoring service such as our UltraSecure or UltraSecure+ Credit to help you protect your good name, so you’re prepared.

Why wait?

Updated 8/20/14 at 3:00 p.m. ET

A Mashable writer reported today that the vulnerability in OpenSSL called the Heartbleed bug that was discovered earlier this year is linked to the Community Health System hack.

Photo source iStock contributor feellife

Ezzy Languzzi

Ezzy is a working mother and educator. She writes from the perspective of a parent seeking to strike a balance between all that technology has to offer and its privacy implications. Ezzy lives in Boston with her husband, son, two dogs, and two chickens.

Join The Discussion

Your email address will never be published.