Nationwide Health Care Provider Says Data Breach Affects Oklahoma Patients
FRANKLIN, Tennessee - Hospital operator Community Health Systems said a cyberattack took information on more than 4 million patients from its computer network earlier this year.
The Franklin, Tennessee, company said Monday that no medical or credit card records were taken in the attack, which may have happened in April and June. But Community said the attack did bypass its security systems to take patient names, addresses, birthdates, and phone and Social Security numbers.
The hospital operator said it believes the attack came from a group in China that used sophisticated malware and technology to get the information. Community Health has since removed the malware from its system and finalized "other remediation efforts" to prevent future attacks.
The information that was taken came from patients who were referred to or received care from doctors tied to the company over the past five years.
Community Health Systems is notifying patients affected by the attack and offering them identity theft protection services. The company owns, leases or operates 206 hospitals in 29 states including 10 hospitals in Oklahoma.
The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp. Last year, hackers stole from Target about 40 million debit and credit card numbers and personal information for 70 million people.
The Oklahoma hospitals include:
Deaconess Hospital - Oklahoma City
INTEGRIS Blackwell Regional Hospital - Blackwell
INTEGRIS Clinton Regional Hospital - Clinton
INTEGRIS Marshall County Medical Center - Madill
INTEGRIS Mayes County Medical Center - Pryor
INTEGRIS Seminole Medical Center - Seminole
Medical Center of Southeastern Oklahoma - Durant
Midwest Regional Medical Center - Midwest City
Ponca City Medical Center - Ponca City
Woodward Hospital - Woodward
The Associated Press contributed to this report.