Local patients' data is stolen by hackers
By Staff Reports
Aug 21, 2014, 12:57
PETERSBURG — Patients of some doctors affiliated with Southside Regional Medical Center may have had personal information stolen by hackers.
The cyber attack affected those who were patients with Southside Physicians Network over the past five years, but not patients at the hospital itself, according to SRMC.
SRMC currently has seven physician practices in its network of affiliated services. They include offices in Petersburg and Colonial Heights.
The information was stolen in a criminal cyber attack by a foreign-based intruder, according to the hospital. The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and social security numbers.
According to a report filed Aug. 18 with the U.S. Securities and Exchange Commission, SRMC’s parent company, Community Health Systems Inc., confirmed in July that its computer network was the target of an external, criminal cyber attack that the company believes occurred in April and June. The hackers used malware to copy and transfer the data.
CHS has hired Mandiant, which conducted an investigation and is advising the company regarding remediation efforts. CHS said it has completed eradication of the malware from its systems and completed other efforts that are designed to protect against future intrusions of this type.
These efforts include implementing additional audit and surveillance technology to detect unauthorized intrusions, adopting advanced encryption technologies, and requiring users to change their access passwords.
“We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection,” the hospital said in a statement.
SRMC said it believes the information theft was done by a foreign-based group out of China that was likely looking for intellectual property. SRMC said the intruder used highly sophisticated methods to bypass security systems.
“We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack,” SRMC said.
CHS said it has been informed by federal authorities and Mandiant that this intruder has typically sought valuable information such as medical device and equipment development data. However, in this instance, the data transferred was non-medical patient identification data for approximately 4.5 million people. CHS said this data did not include patient credit card, medical or clinical information; however, the data is considered protected under the Health Insurance Portability and Accountability Act (HIPAA) because it includes patient names, addresses, birthdates, telephone numbers and social security numbers.
CHS recommends that patients remain vigilant for incidents of fraud and identity theft by reviewing credit reports and accounts for unauthorized activity. The company said it will also be offering identity theft protection services to individuals affected by this attack.
Anyone with questions or concerns about this cyber attack may call 1-855-205-6951.