Patients of Community Health Systems hospitals, or affiliated physicians, could be at risk of medical fraud, says the S.C. Department of Consumer Affairs.
Community Health Systems which operates eight hospitals in South Carolina including Chester Regional Medical Center and Springs Memorial Hospital in Lancaster recently reported a cyber attack. Approximately 4.5 million individuals nationwide who received services in the last five years could be affected, company officials reported.
Specific numbers for South Carolina were not available Wednesday from Community Health Systems. State law requires companies to notify the S.C. Department of Consumer Affairs when more than 1,000 people are affected. That notice typically is filed after the company makes an announcement and notifies affected customers.
No credit card or medical or clinical information was stolen, according to Community Health Systems. Stolen data includes patient names, addresses, birth dates, telephone numbers and Social Security numbers.
With a Social Security number and a date of birth (hackers) can do anything you can do with that data such as file taxes, apply for and take out a loan, said Juliana Harris, spokeswoman for the S.C. Department of Consumer Affairs.
Medical identity theft is possible, she said.
Harris said its important for Community Health Systems patients to carefully check their explanation of benefits statements. An extra item or charge on the statement could be a mistake or the result of identity theft.
That theft is important as people with the stolen information could change a persons medical records, affecting their ability to get health care, Harris said.
Community Health Systems reported the attack to the Securities and Exchange Commission. The attack happened in April and June and likely originated in China, according to Franklin, Tenn.-based Community Health Systems.
Subsequently, Community Health Systems has employed Mandiant, an information security company, which investigated the incident. Community Health Systems has removed the malware and made other changes to protect its data.
Officials from Chester Regional Medical Center and Springs Memorial released the same statement Wednesday, saying the security and confidentiality of private patient information is taken seriously, and while, we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.
The hospitals also said that other U.S. companies have been victims of foreign-based cyber attacks and it is up to the federal government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.
Don Worthington • 803-329-4066
The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.
Have a news tip? You can send it to a local news editor; email firstname.lastname@example.org to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.Read moreRead less