Community Health Systems Inc., which operates hospitals in Fort Smith, Bentonville, Springdale and seven other cities in Arkansas, on Monday blamed Chinese hackers for a cyberattack that accessed “non-medical” data on 4.5 million patients of its affiliated physicians.
Donna Bragg, director of marketing and communications at Sparks Health System and Summit Medical Center, said none of the Sparks or Summit clinics were affected by the data breach.
The publicly traded company based in Franklin, Tennessee, revealed the attack in a filing with the Securities & Exchange Commission. According to the filing, the hacking happened in April and June and was confirmed by a forensic network security expert in July.
“The Company and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the Company’s systems,” CHS revealed.
“The Company has confirmed that this data did not include patient credit card, medical or clinical information,” but it is considered confidential under HIPAA, the Health Insurance Portability and Accountability Act, “because it includes patient names, addresses, birthdates, telephone numbers and social security numbers.”
Patients whose information may have been compromised are being notified, CHS said in the filing, and the company “will also be offering identity theft protection services to individuals affected by this attack.”
According to its website, Community Health Systems owns Sparks Regional Medical Center at Fort Smith, the Northwest Medical Center facilities in Bentonville and Springdale, Willow Creek Women’s Hospital at Johnson, Summit Medical Center at Van Buren, Siloam Springs Regional Hospital, Medical Center of South Arkansas at El Dorado, Forrest City Medical Center, Harris Hospital at Newport and Helena Regional Medical Center.