Hospital operator Community Health Systems, owner of a network of Northeastern Pennsylvania hospitals known as Commonwealth Health, said a cyberattack took personal information belonging to more than 4 million patients from its computer network earlier this year.
The attack by a foreign-based intruder netted "limited" personal identification data belonging to some patients who were seen at the Berwick Medical Professionals practices, Wilkes-Barre Academic Medicine Clinic, Wyoming Valley Surgical Associates, Wilkes-Barre Neurosurgical Associates, Scranton Clinic Company and Wilkes-Barre Clinic Company over the last five years, said Renita Fennick, spokeswoman for Commonwealth Health. She did not specify a number of patients.
The attack does not involve Commonwealth Health-affiliated hospital-specific data, Physicians Health Alliance, Great Valley Cardiology or InterMountain Medical Group practices, according to a statement Fennick released. The Commonwealth Health network includes Wilkes-Barre General Hospital, Moses Taylor and Regional Hospital of Scranton.
The transferred information included names, addresses, birthdates, telephone numbers and Social Security numbers, she said. It did not include medical information or credit card information. Affected patients will receive a letter from their physician's office. A toll-free number (1-855-205-6951) will be set up to answer patients' questions.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause our patients," the statement said.
Fennick said although they have no reason to believe the data will ever be used, all affected patients are being notified by letter and offered free identity theft protection.
"Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. The intruder used highly sophisticated methods to bypass security systems," her statement read. "The intruder has been eradicated and applications have been deployed to protect against future attacks."
Community Health Systems is working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for the attack.
Officials from the Franklin, Tenn.e-based company said the attack may have happened in April and June. The company said the attack bypassed its security systems to take patient names, addresses, birthdates, and phone and Social Security numbers.
The information that was taken came from patients who were referred to or received care from doctors tied to the company over the past five years.
The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp. Last year, hackers stole from Target about 40 million debit and credit card numbers and personal information for 70 million people.
The announcement that Community Health Systems was hacked and patient information stolen was the latest woe for the company, which owns, leases or operates 206 hospitals in 29 states.
Wilkes-Barre General Hospital and Berwick Hospital Center were among Community Health Systems' 119 hospitals recently investigated for allegedly overbilling the federal government's Medicare and Medicaid programs, according to a settlement agreement U.S. Department of Justice provided.
The Department of Justice entered the settlement with Community Health Systems, which agreed to pay $98.15 million to resolve overbilling allegations.
Locally, the Pennsylvania Association of Staff Nurses and Allied Professionals, the union that represents Wilkes-Barre General Hospital's registered nurses, has been involved in a labor dispute for more than a year. The nurses returned to work without a contract after participating in a five-day strike in July outside Wilkes-Barre General Hospital.
©2014 The Citizens' Voice (Wilkes-Barre, Pa.)