FRANKLIN, Tenn. - The computer network of the company that owns Easton Hospital in Northampton County and Pottstown Memorial Medical Center in Montgomery County has been the target of criminal cyber attacks that originated in China.
Tennessee-based Community Health Systems, Inc., has reported to the U.S. Securities and Exchange Commission that the attacks occurred in April and June and came from China.
The hackers got "non-medical patient identification data related to Community Health Systems' physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the company."
The hacked data did not include patient credit card, medical or clinical information.
But it did include patient names, addresses, birth dates, telephone numbers and Social Security numbers -- information that should be protected under the Health Insurance Portability and Accountability Act, commonly known as HIPAA.
The company is notifying affected patients and regulatory agencies as required by federal and state law. It also will be offering identity theft protection services to individuals affected by this attack.
A statement from the company says, "While we did have security measures in place to protect our computer network and electronically stored information, this attacker used very sophisticated methods to bypass security systems."
The company says it's taken steps to protect against future attacks like this.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause for our patients," said Stephen R. Wilson, marketing vice president at Easton Hospital.
"Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."
The company reported that Chinese hackers typically are after "valuable intellectual property" such as medial device and equipment development data.
"The intruder used highly sophisticated methods to bypass security systems," said Wilson.
"The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack."
Many American companies and organizations have been victimized by foreign-based cyber intrusions, said Wilson. "It is up to the federal government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future."
Community Health Systems told the SEC it "does not believe this incident will have a material adverse effect on its business or financial results."
Community Health Systems calls itself the nation's largest publicly traded hospital company "as measured by number of hospital facilities."
It has 206 hospitals in 29 states, including 20 in Pennsylvania.
Pennsylvania's highest court is limiting the power of prosecutors to seize people's property through civil actions.Read More »
- Warrants issued for man in attack on person with cerebral palsy
- Man arrested in hit-and-run crash with school bus
- New app aims to save lives in Montgomery County
- 2 counselors overdose and die at Chester Co. halfway house
- Jury of 12 on Bill Cosby sex assault case includes 2 blacks
- Cosby arrives for Day 3 of jury selection
- 15 years has gone by fast for Freddy Awards
- Frackville police investigating man's 'suspicious' death
- Boyertown looks to enhance privacy in restrooms, locker rooms
- Jose Rosado and the Allentown School District at odds over book
- VFW Awareness Day at Catasauqua school
- Pennsylvania mushroom farms face labor shortage
- UGI Energy Services presents scholarship to Berks foundation
- UGI Defends Proposed Bethlehem Gas Storage Tank Proposal
- Veterans highlight issues faced by those returning from war
- Pa. court tightens rules for seizing properties tied to crime