Hacks Breach Hospital Chain’s PHI Data

What is believed to be Chinese hackers seeking intellectual property instead hacked non-medical identification data of 4.5 million patients visiting physicians associated with Community Health Systems hospitals, the chain said in an SEC statement. The chain, which boasts affiliation with 206 hospitals in 29 states, says it believes the hackers were looking for medical device and equipment development data.

The company says personal health information (PHI) data stolen included patients’ names, Social Security numbers, physical addresses, birthdays, and telephone numbers.They did not steal information related to patients’ medical histories, clinical operations, or credit cards, and the FBI says it is working with Community Health Systems to identify the hackers and protect the data.

As a HIPAA violation, the company said in its SEC statement, the offending malware has been eliminated from its computer systems. It plans to offer identity theft protection to the 4.5 million victims of the breach.

Hacks of PHI comprise less than 10 percent of breaches reported to the federal Office for Civil Rights at the Department of Health & Human Services, but they can be significant and costly. In 2012, the Utah Department of Technology Services’ servers were breached, exposing three quarters of a million records of Utah Medicaid and Children’s Health Insurance program beneficiaries; the Salt Lake Tribune reported the state paid $3.4 million directly and forced another $5.6 million of improvements to prohibit another breach.

2017-code-book-bundles-728x90-01

 

 

Brad Ericson

Brad Ericson

Publisher at AAPC
Brad Ericson, MPC, CPC, COSC, has been publisher for more than nine years. Before AAPC he was at Optum for 13 years and at Aetna Health Plans before that. He has been writing and publishing about healthcare since 1979. He received his Bachelor's in Journalism from Idaho State University and his Master's of Professional Communication degree from Westminster College of Salt Lake City.
Brad Ericson

Latest posts by Brad Ericson (see all)

About Has 193 Posts

Brad Ericson, MPC, CPC, COSC, has been publisher for more than nine years. Before AAPC he was at Optum for 13 years and at Aetna Health Plans before that. He has been writing and publishing about healthcare since 1979. He received his Bachelor's in Journalism from Idaho State University and his Master's of Professional Communication degree from Westminster College of Salt Lake City.

Leave a Reply

Your email address will not be published. Required fields are marked *