Community Health details attack on patient records

Posted: August 18, 2014 at 12:34 p.m.

FRANKLIN, Tenn. — Hospital operator Community Health Systems said a cyber-attack took information on more than 4 million patients from its computer network earlier this year.

Community Health Systems owns Northwest Health System — which includes Northwest Arkansas Medical Center in Bentonville and Springdale and the Willow Creek Women’s Hospital in Johnson — and purchased Sparks Health System — which includes Sparks Regional Medical Center in Fort Smith and Summit Medical Center in Van Buren — in January.

The Franklin, Tenn., company said Monday that no medical or credit card records were taken in the attack, which may have happened in April and June. But, Community said, the attack did bypass its security systems to take patient names, addresses, birth dates, and phone and Social Security numbers.

The hospital operator said it believes the attack came from a group in China that used sophisticated malware and technology to get the information. Community Health has since removed the malware from its system and finalized "other remediation efforts" to prevent future attacks.

A spokesman did not immediately respond to a request from The Associated Press seeking comment on the attacks.

The information that was taken came from patients who were referred to or received care from doctors tied to the company over the past five years.

Community Health Systems Inc. is notifying patients affected by the attack and offering them identity theft protection services. The company owns, leases or operates 206 hospitals in 29 states.