The computer network of the company that owns Easton Hospital in Northampton County and Pottstown Memorial Medical Center in Montgomery County has been the target of criminal cyber attacks that originated in China.
Tennessee-based Community Health Systems, Inc., has reported to the U.S. Securities and Exchange Commission that the attacks occurred in April and June and came from China.
The hackers got "non-medical patient identification data related to Community Health Systems' physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the company."
The hacked data did not include patient credit card, medical or clinical information.
But it did include patient names, addresses, birth dates, telephone numbers and Social Security numbers -- information that should be protected under the Health Insurance Portability and Accountability Act, commonly known as HIPAA.
The company is notifying affected patients and regulatory agencies as required by federal and state law. It also will be offering identity theft protection services to individuals affected by this attack.
A statement from the company says, "While we did have security measures in place to protect our computer network and electronically stored information, this attacker used very sophisticated methods to bypass security systems."
The company says it's taken steps to protect against future attacks like this.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause for our patients," said Stephen R. Wilson, marketing vice president at Easton Hospital.
"Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."
The company reported that Chinese hackers typically are after "valuable intellectual property" such as medical device and equipment development data.
"The intruder used highly sophisticated methods to bypass security systems," said Wilson.
"The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack."
Many American companies and organizations have been victimized by foreign-based cyber intrusions, said Wilson. "It is up to the federal government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future."
Community Health Systems told the SEC it "does not believe this incident will have a material adverse effect on its business or financial results."
Community Health Systems calls itself the nation's largest publicly traded hospital company "as measured by number of hospital facilities."
It has 206 hospitals in 29 states, including 20 in Pennsylvania.