The company that owns 20 hospitals in Pennsylvania said a cyberattack took information on more than 4 million patients from its computer network earlier this year.
Tennessee-based Community Health Systems Inc. said Monday that no medical or credit card records were taken in the attack, which may have happened in April and June. But Community said the attack did bypass its security systems to take patient names, addresses, birthdates, and phone and Social Security numbers.
The hospital operator said it believes the attack came from a group in China that used sophisticated malware and technology to get the information. Community Health has since removed the malware from its system and finalized "other remediation efforts" to prevent future attacks.
The information that was taken came from patients who were referred to or received care from doctors tied to the company over the past five years.
Community Health Systems Inc. is notifying patients affected by the attack and offering them identity theft protection services. The company owns, leases or operates 206 hospitals in 29 states, including 20 in Pennsylvania. A spokesperson for Community Health told NBC10 that the affected data covered records from some physician practices affiliated with certain hospitals in the organization and not hospital records.
'The data did not include medical or clinical information or credit card or financial information," the spokesperson said.
The following Pennsylvania-area hospitals are operated by Community Health Systems:
- Berwick Hospital Center – Berwick, Pennsylvania
- Brandywine Hospital – Coatesville, Pennsylvania
- Carlisle Regional Medical Center – Carlisle, Pennsylvania
- Chestnut Hill Hospital – Philadelphia, Pennsylvania
- Easton Hospital – Easton, Pennsylvania
- First Hospital Wyoming Valley – Kingston, Pennsylvania
- Heart of Lancaster Regional Medical Center – Lititz, Pennsylvania
- Jennersville Regional Hospital – West Grove, Pennsylvania
- Lancaster Regional Medical Center – Lancaster, Pennsylvania
- Lock Haven Hospital – Lock Haven, Pennsylvania
- Memorial Hospital – York, Pennsylvania
- Moses Taylor Hospital – Scranton, Pennsylvania
- Phoenixville Hospital – Phoenixville, Pennsylvania
- Pottstown Memorial Medical Center – Pottstown, Pennsylvania
- Regional Hospital of Scranton – Scranton, Pennsylvania
- Sharon Regional Health System – Sharon, Pennsylvania
- Special Care Hospital – Nanticoke, Pennsylvania
- Sunbury Community Hospital – Sunbury, Pennsylvania
- Tyler Memorial Hospital – Tunkhannock, Pennsylvania
- Wilkes-Barre General Hospital – Wilkes-Barre, Pennsylvania
The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp. Last year, hackers stole from Target about 40 million debit and credit card numbers and personal information for 70 million people.
Shares of Community Health climbed 38 cents to $51.38 late Monday morning, while broader trading indexes also rose less than 1 percent.