Community Health Systems Hacked: 4.5 Million Patient Files Breached

Community Health Systems was the target of a massive cyber attack, which reportedly originated in China. Officials confirmed 4.5 million patient files were compromised in the data breach. Forensic analysts with Mandiant said the attack was consistent with a known group of Chinese hackers. However, the analysts did not reveal the group’s identity.

Community Health Systems spokeswoman Tomi Galin confirmed the information was stolen between April and June 2014. Although the files did not contain sensitive medical information, they did include information about the patients’ identities.

As reported by Reuters, the stolen files contained patients’ names, addresses, birth dates, Social Security numbers, and phone numbers. Although the breach did not include medical records, the identifying information is protected under the Health Insurance Portability and Accountability Act.

Per HIPAA requirements, the health organization filed a regulatory report — which outlines the details of the breach. According to the filing, the suspected hackers usually seek information about the development of medical devices and equipment. It is unclear why the breach involved patients’ identities as opposed to the development of new technology.

Joshua Campbell, with the FBI, confirmed the organization is working with Mandiant to investigate the Community Health Systems breach. However, he did not discuss any details.

Community Health officials confirmed the hackers used malware to access the information. Galin confirmed the malware was removed from all systems, and patients were notified about the breach.

As reported by Fox News, Community Health owns and operates more than 200 hospitals nationwide. Although the breach is concerning for patients, company officials said they do not expect any negative financial repercussions.

Indeed, despite news of the breach, the company’s stock is currently up 48 cents on the New York Stock Exchange.


In April, FBI officials issued a warning to all healthcare organizations, as their systems are specifically vulnerable to cyber attacks. In addition to seeking information about devices and equipment, hackers often seek information bout patients’ bank accounts, credit cards, and prescriptions.

Community Health officials underlined the fact that patients’ financial and medical information were not accessed in the most recent breach. However, those affected are encouraged to keep a close eye on their accounts and report any unusual activity.

As Community Health Systems operates healthcare facilities in 29 states, the data breach affected millions of patients. Although their identifying information was compromised, officials said the patients’ sensitive medical records were not accessed.

[Image via Shutterstock]