Insurance Blog

Finance Blogs » Insurance Blog » Data breach hits 4.5M patients

Data breach hits 4.5M patients

By Crissinda Ponder ·
Tuesday, August 19, 2014
Posted: 5 pm ET

A national hospital company's computer system has been hacked, and sensitive personal details about millions of patients have been compromised.

Tennessee-based Community Health Systems, which operates more than 200 hospitals in 29 states, has told federal regulators that Chinese hackers stole the names, addresses, Social Security numbers and other personal information of 4.5 million patients.
© Balefire/
The breach happened in April and June of this year and affects patients who -- in the last five years -- have been referred to or treated by health care providers that are affiliated with the hospital chain, according to a filing sent to the Securities and Exchange Commission.

Community Health Systems says the breach didn't involve patients' credit card numbers or medical information, just "non-medical patient identification data."

"Since first learning of this attack, the company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack," the filing says.

Breach announcement delay is common

The attack appeared to have happened during the spring, so why are we just hearing about it in late summer?

It's common for there to be some type of delay when a company releases information about a data breach, says Mark Savage, director of health information technology policy and programs for the National Partnership for Women & Families in Washington, D.C.

"It takes a little while to determine what's the nature of the breach, what kind of information was taken, what are the particular laws that apply, and so forth," he says.

Community Health Systems is offering identity theft protection services to consumers who've been affected, but this benefit shouldn't deter patients from doing what they can to make sure their information is secure, Savage says.

"That's no substitute for the affected individuals to be monitoring their own accounts and systems," he says. "That's good practice whether or not there's been a hack."

See a map of the Community Health Systems hospitals here.

Data breaches are more common than you may think. Take a look at 11 major breaches that occurred in the U.S. over the past decade.

Follow me on Twitter @CrissiPonder.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
August 22, 2014 at 3:57 pm

Not sure the companies are the bad guys. Seems to me they are victims as well as the consumers. Look what happened to Target.

steve taub
August 21, 2014 at 8:28 pm

Surprise, surprise!

August 21, 2014 at 4:32 pm

Somebody tell me why the hospital needs your SSN???

August 21, 2014 at 3:37 pm

That it's COMMON practice for corporations to delay breach announcements by months DOESN'T mean it's an ACCEPTABLE practice! Their sole interest is downplaying the event to protect Public Good Will toward their name and contain/limit their $$$$$ liabilities for the breach. It's all about $$$$$ - CHS $$$$$ - and only CHS $$$$$.

I read in a local newspaper article (CHS owns a nearby hospital) that CHS considers the Federal Government responsible for protecting them from these attacks and data breaches! That's utter BS. CHS is responsible for protecting their own information systems and data. Until they're PUNISHED for letting these breaches occur, corporations will only do the MINIMUM required by LAW to protect the data they store. It's not THEIR personal information being compromised, it's yours and mine. THEY are not suffering the consequences of it, YOU and I are, and they won't do anything more about it until THEY suffer consequences SEVERE enough to get their attention.

I'm TIRED of all the data breaches and all the CORPORATE EXCUSES being made for them.

August 21, 2014 at 2:23 pm

I read another article a couple of days ago that stated name, address, date of birth and ss# info got hacked. That is a big deal. From that article, it sounded like CHS was trying to make light of it.

August 21, 2014 at 2:04 pm

Seriously, people, CHS owns about 280 hospitals, and you expect a news article to list every one. All the information online and none of you have figured out how to find the CHS website and see where their hospitals are? It's very easy:,and then you click on the big US map with "Our Locations" next to it!