(Sentinel, The (Carlisle, PA) Via Acquire Media NewsEdge) Aug. 18--Carlisle Regional Medical Systems CEO Rich Newell said it does not appear as though any patients from Carlisle or Lancaster are affected by the Community Health Systems hack that was made public today.
He said because CRMC was recently acquired by the company, it was not on the same platform as the rest of the hospitals owned by CHS, so patients at CRMC were not among the 4.5 million individuals affected by the security breach.
Posted earlier from abc27 on Cumberlink:
Community Health Systems Inc., which owns four hospitals in the Midstate, including Carlisle Regional Medical Center, reported on Monday that its computer network was the target of an external criminal cyberattack that affected approximately 4.5 million patients.
CHS acquired Memorial Hospital in York in 2012 and three former Health Management Associates Inc. hospitals: Lancaster Regional Medical Center and Heart of Lancaster Regional Medical Center in Lancaster County, and Carlisle Regional Medical Center in Cumberland County, in January 2014, according to a story from the Central Penn Business Journal.
The attack reportedly occurred in April and June of this year and was confirmed in July.
The data transferred was non-medical patient identification data related to the company's physician practice operations, and the 4.5 million people are those who, in the last five years, were referred for or received services from physicians affiliated with the company, CPBJ reported.
The data did not include patient credit card, medical or clinical information, CHS said, but is considered protected under the Health Insurance Portability and Accountability Act because it includes patient names, addresses, birth dates, telephone numbers and Social Security numbers.
CHS said it "is providing appropriate notification to affected patients and regulatory agencies as required by federal and state law" and "will also be offering identity theft protection services to individuals affected by this attack."
The filing did not offer any further specifics on the patients affected, and comment was not immediately available from the Central Pennsylvania hospitals this morning., CPBJ reported.
CHS is under the impression the attacker was an "'Advanced Persistent Threat' group originating from China who used highly sophisticated malware and technology to attack the company's systems," the filing said. "The attacker was able to bypass the company's security measures and successfully copy and transfer certain data outside the company."
According to the filing, CHS carries cyber and privacy liability insurance.
(c)2014 The Sentinel (Carlisle, Pa.)
Visit The Sentinel (Carlisle, Pa.) at www.cumberlink.com
Distributed by MCT Information Services