News Column

United States : COMMUNITY HEALTH SYSTEMS - Cyber attack compromises health data of 4.5 million individuals

August 22, 2014

In a public filing (Form 8K) with the Securities and Exchange Commission (SEC), a major hospital organization in the country, that runs 206 general acute care hospitals in 29 states with nearly 31,100 licensed beds Community Health Systems, Inc., has announced that it was the target of a cyber attack comprising the health information of 4.5 million individuals.

The firm and its forensic expert, Mandiant, confirmed in July that an "Advanced Persistent Threat" group that was traced back to China attacked Community Health Systems' computer network was attacked in April and June, 2014.

The attacker used highly advanced malware and technology to bypass the firm's security measures and copied and transferred outside Community Health Systems protected health information ("PHI") including names, addresses, birthdates, telephone numbers and social security numbers of individuals referred to or treated at hospitals run by the firm during the last five years.

Community Health Systems said in the report that it is offering the notifications needed under state breach notification laws and HIPAA to the individuals impacted by the attack and to the applicable regulatory agencies and will provide identity theft protection services to affected individuals.

The firm added that immediately before the submission of the Report, it "completed eradication of the malware from its systems and finalized the implementation of other remediation efforts that are designed to protect against future intrusions of announcement of the breach, posted on its website in accordance with HITECH requirements, (the "Posting") locates the breach at Community Health Systems Professional Services Corporation ("CHSPSC"), a Tennessee company that provides management, consulting and information technology services to clinics and hospital-based physicians. CHSPSC may be a business associate of the Company, although neither the Report nor the Posting confirmed CHSPSC's status. The Posting provided additional information regarding breach remediation efforts which this type."

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: TendersInfo (India)

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters