San Angelo's Community Medical Center Victim of Cyber Attack

 

Hackers from China broke into the Community Health Systems computer systems and harvested patient information, the company said in a filing to the Security and Exchange Commission Monday. Community Health Systems, Inc. owns and operates Community Medical Center in San Angelo. Sheryl Pfluger, spokeswoman for the local offices here said that the clinics operated by San Angelo Community Medical Center were affected. “Limited personal identification data belonging to some patients who were seen at Community Medical Associates and Community MediCenter-West over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder,” said a press statement late Monday afternoon by the local . Patients and former patients at the Community Hospital were not affected.

The company said that hackers gained access to patient names, addresses, phone numbers and social security numbers. No medical records or credit card billing information were compromised, she said. Although, the basic data that was retrieved in the hacking incident is still protected and restricted data as designated by the federal Health Insurance Portability and Accountability Act, or HIPPA.

“The Company is providing appropriate notification to affected patients and regulatory agencies as required by federal and state law,” the company said in their SEC filing. In all, Community said that 4.5 million patient records were compromised across the nation.

Community hired a cyber-security consultant to lead the investigation into the hacking incident, in addition to engaging the Federal Bureau of Investigation. They said that the hacking event happened from April to June 2014 using malware by a Chinese group known as an “Advanced Persistent Threat.”  By installing the malware in Community’s network, the attackers were able to bypass Community’s cyber-security measures and transfer the data. The corporate investigators believe the attack was to gain access to trade secrets, not compromise patient data.

Community said that the security breech has been closed. “The intruder has been eradicated and applications have been deployed to protect against future attacks,” Pfluger said.

The company informed their shareholders that Community carries cyber/privacy liability insurance to protect it against events like these. They said that the company does not expect the event to have a substantial impact on its financial results.

The company is providing victims of the attack with identity theft protection services. Pfluger said that San Angelo clients who have questions or concerns should call her office directly at San Angelo Community Marketing, 325-947-6224, between 8 a.m. - 5 p.m., Monday thru Friday.

--

Update 8:00 p.m.

Clairified that only clinic patients at both Community Medical Associates and Community MediCenter-West were affected. Patients and former patients at the main hospital at Community Medical Center were not affected.

Subscribe to the LIVE! Daily

The LIVE! Daily is the "newspaper to your email" for San Angelo. Each content-packed edition has weather, the popular Top of the Email opinion and rumor mill column, news around the state of Texas, news around west Texas, the latest news stories from San Angelo LIVE!, events, and the most recent obituaries. The bottom of the email contains the most recent rants and comments. The LIVE! daily is emailed 5 days per week. On Sundays, subscribers receive the West Texas Real Estate LIVE! email.

Required

Most Recent Videos

Comments

If you receive notification that your personal identification data was compromised, place a "Fraud Alert" on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient: TransUnion: www.transunion.com, 1-800-680-7289 Experian: www.experian.com, 1-888-EXPERIAN (397-3742) Equifax: www.equifax.com, 1-800-525-6285 Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.

Post a comment to this article here: