COMMUNITY HEALTH SYSTEMS (CHS) DATA BREACH EXPOSES MILLIONS OF PATIENTS’ PERSONAL IDENTIFYING INFORMATION (PII)
CHS Data Breach Puts Patients At Risk for ID Theft in Georgia, New Jersey, South Carolina and Tennessee
Community Health Systems (CHS) was the target of at least two cyber attacks originating from China in April and June of 2014. The Tennessee-based healthcare organization, which owns, operates, and leases almost 200 hospitals across 29 different states¹, confirmed that confidential patient-identifying information, including patient names, addresses, telephone numbers, birthdates, and social security numbers, was compromised. These attacks resulted in the stolen identities of 4.5 million referred patients and individuals, covering the period between 2009 and the June 2014 breach.
CHS describes the cyber attack as a complex technological attack that used the Heartbleed security bug to bypass its security protocols; however, some sources say the CHS system was hacked through a test server that did not have the same security measures as a live server. Essentially, the hackers breached CHS’s system from a server that was never intended to be connected to the internet, but was. This test server, unfortunately, contained network credentials stored in its memory². When the test server went online, the hackers were able to use the Heartbleed bug to obtain user credentials from a Juniper Network device and then use them to access CHS’s system, which held millions of patients’ personal information.
The prevalence of data breaches reported in today’s “cyber society” requires organizations that are responsible for securing confidential, identifying information to systematically prevent cyber attacks with proper security protocols. Specifically, health organizations such as CHS should have security policies in place to protect all servers loaded with sensitive network credentials, even if the servers are not intended to go online. If CHS did, in fact, have valuable user credentials on a test server without corresponding security, a data breach would have been an anticipated security threat, and the exposure of millions of patients’ personal identifying information (PII) could have been prevented.
Did you receive care at any CHS hospital between 2009 and June 2014? If you answered yes, then you may already be a victim of identity theft. With offices in Atlanta, Birmingham, and Dallas, Texas, The Adkins Firm represents identity theft victims across the South in individual and class action lawsuits under the Fair Credit Reporting Act (FCRA). Have you fallen victim to a data breach? Has your identity been stolen? Have you received a data breach notification letter from CHS or some other company?
If you answered yes, then you should contact ID Theft Lawyer Micah Adkins for a free case review at 1-800-263-9091 24/7 or email us at: Intake@ItsYourCreditReport.com
Georgia (5): Barrow Regional Medical Center (Winder), Clearview Regional Medical Center (Monroe), East Georgia Regional Medical Center (Statesboro), Fannin Regional Hospital (Blue Ridge), Trinity Hospital of Augusta (Augusta)
New Jersey (1): The Memorial Hospital of Salem County (Salem)
South Carolina (6): Carolinas Hospital System (Florence), Carolinas Hospital System – Marion (Mullins), Chester Regional Medical Center (Chester), Gaffney Medical Center (Gaffney), Mary Black Memorial Hospital (Spartanburg), Springs Memorial Hospital (Lancaster)
Tennessee (19): Gateway Medical Center (Clarksville), Harton Regional Medical Center (Tullahoma), Henderson County Community Hospital (Lexington), Heritage Medical Center (Shelbyville), Jamestown Regional Medical Center (Jamestown), McKenzie Regional Hospital (McKenzie), SkyRidge Medical Center (Cleveland), Tennova – Dyersburg Regional (Dyersburg), Tennova – Jefferson Memorial Hospital (Jefferson City), Tennova – LaFollette Medical Center (LaFollette), Tennova – Lakeway Regional Hospital (Morristown), Tennova – McNairy Regional (Selmer), Tennova – Newport Medical Center (Newport), Tennova – North Knoxville Medical Center (Powell), Tennova – Physicians Regional Medical Center (Knoxville), Tennova – Regional Jackson (Jackson), Tennova – Turkey Creek Medical Center (Knoxville), Tennova – Volunteer Martin (Martin), University Medical Center (Lebanon)
1 Locations. Community Health Systems. January 26, 2016, http://www.chs.net/serving-communities/locations/.
2 Davek. CHS Hacked via Heartbleed Vulnerability. August 19, 2014, https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/.