Dive Brief:
- Franklin, TN-based Community Health Systems announced Monday that it was the victim of a massive theft of the personal data of 4.5 million people. The hack likely occurred in April or June and included patient names, addresses, social security numbers and other HIPAA-protected data. Impacted individuals were referred to or received services from doctors affiliated with the provider in the past five years.
- CHS' security contractor, FireEye Inc unit Mandiant, said it believes that the hack originated in China. According to the company, the federal government says that these kinds of attacks are usually geared toward the theft of intellectual property, like medical device and equipment development information.
- The hospital is implementing remediation procedures, including notifying patients and regulatory agencies. CHS says it is insured against these losses and does not expect the event to impact financial results.
Dive Insight:
CHS is one of the largest hospital operators in the country, managing 206 hospitals in 29 states. This is a high-profile breach, and it comes directly in the wake of the FBI's warning to the healthcare industry that it needs to shape up its data security efforts: In April, the FBI issued a private industry notification (PIN) to the healthcare industry, warning providers that their security is insufficient to meet the risk of cyberattacks.
Want to read more? You might enjoy this story about the FBI's private industry notification to the healthcare industry.