A cyberattack earlier this year against the parent company of SkyRidge Medical Center stole certain personal patient information from an undisclosed number of the local hospital’s clinics.
Community Health Systems Inc., headquartered in Franklin and which owns SkyRidge, reported Monday the attack took information on more than 4 million patients from its computer network.
However, the massive health care chain reported that no medical or credit card records were taken in the attack which may have occurred in April and June, according to a report from the Associated Press.
Coleman Foss, CEO of SkyRidge Medical Center told the Cleveland Daily Banner on Tuesday the information “does not involve our patient records of patients who have received care at SkyRidge Medical Center.”
He added, “Limited personal identification data belonging to some patients who were seen at our clinics/practices over the past five years was transferred out of our organization in a criminal cyberattack by a foreign-based intruder.”
He said the transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and Social Security numbers.
“Please know that we take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause for our patients,” Foss said. “Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.”
Foss said CMS believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. He said CMS believes the intruder used highly sophisticated methods to bypass security systems.
“The intruder has been eradicated and applications have been deployed to protect against future attacks,” Foss said. “We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack.
The SkyRidge administrator pointed out, “Many American companies and organizations have been victimized by foreign-based cyber intrusions. It is up to the federal government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.”
Community Health Systems Inc. owns, leases or operates 206 hospitals in 29 states.
The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp.
Last year, hackers stole from Target about 40 million debit and credit card numbers and personal information for 70 million people.
The problem did not hurt the value of the corporation as shares of Community Health climbed 38 cents to $51.38 late Monday morning, while broader trading indexes also rose less than 1 percent.