Attorney General Ashley Moody announced recently that a six-year-old case involving the hacking of medical records at hospitals owned by Community Health Systems has been resolved.
Two data breaches involved the records of 6.1 million patients over a five-year period in the 206 hospitals that Community Health Systems then owned or leased, which included Venice Regional Bayfront Health, Bayfront Health Port Charlotte and Bayfront Health Punta Gorda.
Venice Hospital officials said then that their system wasn’t hacked but that Community Health Systems would be offering any affected patients free identity theft protection as a precaution.
According to a news release from Moody’s office, about 430,000 patients in the state had their addresses, birth dates, names, phone numbers and Social Security numbers exposed in the data breaches, in April and July of 2014.
CHS’ consultant reported that patient credit card and medical and clinical information were not hacked, however.
Kelli Tarala, principal consultant with Enclave Security, in Venice, said the hackers were probably trying to access data that could be sold on the black market for about $1 a name rather than engage in identity theft themselves.
In a U.S. Securities and Exchange Commission Form 8-K filing, Community Health Systems stated that: “The Company (Community Health Systems) and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the Company’s systems.”
At the time it was believed that the personal information of about 4.5 million patients was at risk.
The judgment Community Health Systems has agreed with Moody and the attorneys general of 27 other states calls for it to pay them a total of $5 million and implement and maintain a comprehensive information security program.
The judge in the case will need to approve the proposed judgment.
A divestiture program embarked upon to lower Community Health Systems’ debt has reduced its holdings to 92 hospitals today, including the facilities in Venice, Port Charlotte and Punta Gorda.
They’re among the 11 Florida hospitals Community Health Systems still operates, down from 37 when the breaches occurred.