San Angelo's Community Medical Center Victim of Cyber Attack

Hackers from China broke into the Community Health Systems computer systems and harvested patient information, the company said in a filing to the Security and Exchange Commission Monday. Community Health Systems, Inc. owns and operates Community Medical Center in San Angelo. Sheryl Pfluger, spokeswoman for the local offices here said that the clinics operated by San Angelo Community Medical Center were affected. “Limited personal identification data belonging to some patients who were seen at Community Medical Associates and Community MediCenter-West over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder,” said a press statement late Monday afternoon by the local . Patients and former patients at the Community Hospital were not affected.

The company said that hackers gained access to patient names, addresses, phone numbers and social security numbers. No medical records or credit card billing information were compromised, she said. Although, the basic data that was retrieved in the hacking incident is still protected and restricted data as designated by the federal Health Insurance Portability and Accountability Act, or HIPPA.

“The Company is providing appropriate notification to affected patients and regulatory agencies as required by federal and state law,” the company said in their SEC filing. In all, Community said that 4.5 million patient records were compromised across the nation.

Community hired a cyber-security consultant to lead the investigation into the hacking incident, in addition to engaging the Federal Bureau of Investigation. They said that the hacking event happened from April to June 2014 using malware by a Chinese group known as an “Advanced Persistent Threat.”  By installing the malware in Community’s network, the attackers were able to bypass Community’s cyber-security measures and transfer the data. The corporate investigators believe the attack was to gain access to trade secrets, not compromise patient data.

Community said that the security breech has been closed. “The intruder has been eradicated and applications have been deployed to protect against future attacks,” Pfluger said.

The company informed their shareholders that Community carries cyber/privacy liability insurance to protect it against events like these. They said that the company does not expect the event to have a substantial impact on its financial results.

The company is providing victims of the attack with identity theft protection services. Pfluger said that San Angelo clients who have questions or concerns should call her office directly at San Angelo Community Marketing, 325-947-6224, between 8 a.m. - 5 p.m., Monday thru Friday.

--

Update 8:00 p.m.

Clairified that only clinic patients at both Community Medical Associates and Community MediCenter-West were affected. Patients and former patients at the main hospital at Community Medical Center were not affected.