The Community Health Systems (CHS) suffered a data breach in April and June that has affected up to 4.5 million of the company's patients. Although payment information wasn't taken, patient names, addresses, birthdates, telephone numbers, and Social Security numbers were compromised during the breach.
The attack likely was an Advanced Persistent Threat (APT) originating from China, in an effort to steal bulk data which can be used later. APTs are targeted attacks designed to circumvent modern firewalls, antivirus and antimalware solutions used by companies.
"The company has confirmed that this data did not include patient, credit card, medical, or clinical information," Community Health noted in a statement to the Securities and Exchange Commission (SEC).
CHS is having a turbulent month, as the company only recently resolved a Department of Justice (DoJ) investigation related to "short stay admissions through emergency departments."