Community Health Systems, which operates nine hospitals in Illinois, says it was hit by a “criminal cyber-attack” where thieves operating out of China likely stole confidential data on 4.5 million patients.
“The company has confirmed that this data did not include patient, credit card, medical, or clinical information,” Community Health said in a statement filed Monday with the Securities and Exchange Commission. “It includes patient names, addresses, birthdates, telephone numbers, and social security numbers.”
The company said it is notifying the affected patients and will offer identity theft protection to anyone affected by the attack.
The statement said Community’s security expert “believes the attacker was an ‘Advanced Persistent Threat’ group originating from China.”
Community Health Systems operates three hospitals in the Chicago area: Vista Medical Center and Vista Medical Center West in Waukegan, and MetroSouth Medical Center in Blue Island.
Information security expert Jean Phillipe Labruyere of DePaul University says attacks like this one are growing increasingly common.
"Those attacks are very common. This attacks can come from lots of different places. They do not discriminate against any possible target. Any company is a target for those possible attacks," Labruyere said.
Earlier this month, the company entered into an $88 million settlement of a Justice Department investigation into “short stay admissions through emergency departments” at some of its hospitals.
The company said in a statement released Aug. 4 that there was no finding of improper conduct and that it denied any wrongdoing.