Local hospitals hit by hackers

Published 8:20 am Tuesday, August 19, 2014

Multiple sources are reporting that Community Health Systems (CHS), which operates Southampton Memorial Hospital in Franklin, as well as others in the state of Virginia, has had its computer system breached.

Meanwhile, officials at a CHS owned facility in Williamston, NC are saying that a foreign intruder managed to gain limited personal identification data belonging to some patients who were seen at clinics owned by Martin General Hospital over the past five years was,  “transferred out of our organization in a criminal cyber attack.”

Officials with Southampton Memorial Hospital are reporting that hackers did not gain local information from the CHS attack, according to a report by The Tidewater News (a sister publication of the Roanoke-Chowan News-Herald.)

Steve Ramey, chief financial officer at Southampton Memorial Hospital, confirmed early Monday afternoon that CHS was attacked, but he later added that, “Our clinics were not affected by the data breach reported this morning (Monday) by Community Health Systems.”

CHS operates over 206 hospitals across 29 states. In Virginia that includes Southern Virginia Regional Medical Center in Emporia and the Southside Regional Medical Center in Petersburg along with Southampton Memorial.

Community Health Systems also owns and operates four hospitals in North Carolina, including Martin General Hospital in Williamston. The other three are located in Hamlet, Mooresville and Statesville.

In a statement released by Martin General Hospital, the transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and social security numbers.

“We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause for our patients,” Martin General officials said in the statement. “Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.

“Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property,” the statement continued. “The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack.”

Martin General officials added that many American companies and organizations have been victimized by foreign-based cyber intrusions.

“It is up to the Federal Government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future,” they said.

It is estimated that the personal information belonging to more than 4.5 million patients, including names and addresses, has been compromised.

In a report from www.healthitsecurity.com, CHS officials said in a filing with the Securities and Exchange Commission (SEC) that a 4.5 million patient-data breach in which Chinese cyber criminals hacked into its computer network with malware occurred between April and June 2014.

Affected patients had either been referred to or received treatment from the hospital operator’s doctors within the past five years. And because it was a HIPAA violation, the organization is alerting all 4.5 million affected patients while also providing free identity-theft protection services.

As a result of the breach, Community Health says it has removed the malware from its system entirely and will beef up its network security to avoid future attacks.