Community Health Systems Reports Data Breach Affecting 4.5M Patients | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Community Health Systems Reports Data Breach Affecting 4.5M Patients

August 18, 2014
by Rajiv Leventhal
| Reprints

The Franklin, Tenn.-based Community Health Systems, Inc. has said that the personal data of approximately 4.5 million patients was stolen by hackers from its computer network in April and June.

According to a story in Reuters, the company said the data, considered protected under the Health Insurance Portability and Accountability Act (HIPAA), included patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit card or medical information, however. The breach was reported by the organization in a Securities and Exchange Commission (SEC) filing.

It further said the security breach had affected about 4.5 million people who were referred for or received services from doctors affiliated with the hospital group in the last five years. The company said it is notifying affected patients and regulatory agencies as required by law.

The rural hospital operator and cybersecurity firm Mandiant believe the attacker was an "Advanced Persistent Threat" group originating from China, according to a Wall Street Journal report. The attacker, who used highly sophisticated malware and technology to attack the company's systems, was able to bypass Community Health Systems' security measures and to successfully copy and transfer certain data outside the company, it said.

Community Health Systems is one of the nation’s largest operators of general acute care hospitals. It includes 206 affiliated hospitals in 29 states.

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on