The parent company of College Station Medical Center reports a cyberattack took information on 4.5 million patients from its computer network.
Community Health Systems says the attack bypassed its security systems in April and June of this year and took patient names, addresses, birthdates, phone and Social Security numbers from the last five years.
No medical or credit card records were taken.
The stolen information involved patients who were referred for or received services from physicians affiliated with the company. to or received care from doctors tied to the company.
CHS says it is notifying patients affected by the attack and offering them identity theft protection services.
CHS believes the attack was based in China and was likely looking for intellectual property.
CHS says applications have been deployed to protect against future attacks.
CHS owns, operates, or leases 206 hospitals in 29 states. That includes 18 in Texas, include The MED.
Below is a statement from College Station Medical Center:
Limited personal identification data belonging to some patients who were seen at physician practices and clinics affiliated with College Station Medical Center over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder. The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and social security numbers.
We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.
Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack.
Many American companies and organizations have been victimized by foreign-based cyber intrusions. It is up to the Federal Government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.
Original story from the Associated Press:
FRANKLIN, Tenn. (AP) _ Hospital operator Community Health Systems says a cyberattack took information on more than 4 million patients from its computer network earlier this year.
The Franklin, Tennessee, company says no medical or credit card records were taken in the attack, which may have happened in April and June. But Community says the attack did bypass its security systems to take patient names, addresses, birthdates, phone and Social Security numbers.
The information came from patients who were referred to or received care from doctors tied to the company over the past five years.
Community Health Systems Inc. says it is notifying patients affected by the attack and offering them identity theft protection services.
The company owns, leases or operates 206 hospitals in 29 states.