Community Health Systems, a company that operates 206 hospitals across the United States, has admitted that hackers recently broke into its computers and stole data on 4.5 million patients.
It’s believed that the hackers did not gain access to medical histories or credit card information. Perhaps worse, they were able to obtain names, Social Security numbers, addresses, and other information that could be used for identity theft.
Tech publication ComputerWorld says “companies that suffer major data breaches almost always portray themselves as victims of cutting-edge malware and attack techniques. In reality, many companies fall victim to hackers due to fundamental security mistakes, such as neglecting to install security patches, making basic network and system configuration errors and failing to act on system security alerts.”
The company’s hospitals operate in 28 states with a significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee, and Texas.
Malware to Blame?
Security experts have determined the hackers were based in China and used sophisticated malware to launch the attacks a few months ago, perhaps shortly before June 2014.
Malware can affect you when you click on a suspicious link or email attachment; if you’ve ever had pop-up ads that won’t go away, for example, then you have been the victim of malware.
Interestingly, the company admitted in a Securities and Exchange Commission filing that it “carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature.”
It’s great that the company secures itself with cyber-liability policies to protect its bottom line. But do the hospitals affiliated with this profitable corporation truly explain to new patients how and where their most sensitive personal information is being shared, saved, and protected? Something to consider the next time you’re asked to provide your Social Security number at a doctor’s office.