The Franklin, Tennessee, company says no medical or credit card records were taken in the attack, which may have happened in April and June. But Community says the attack did bypass its security systems to take patient names, addresses, birthdates, phone and Social Security numbers.
The information came from patients who were referred to or received care from doctors tied to the company over the past five years. Community Health Systems Inc. says it is notifying patients affected by the attack and offering them identity theft protection services.
CHS Marketing Director Mary Nash-Swink told West Kentucky Star the data breach was limited to some patients who were seen at physician clinics over the past five years. She said CHS officials believe the intruder was a foreign-based group out of China that was likely looking for intellectual property, and that measures have been taken to protect against future attacks.
The company owns, leases or operates 206 hospitals in 29 states, including one in Fulton, Ky, Anna, IL, Marion, IL, Martin, TN, and Clarksville, TN, among others.