Hospitals: Few clients call in over files breach

Administrators at several hospitals throughout Arkansas said Tuesday that they had received relatively few calls from patients related to a report Monday that their personal information may have been hacked in a data breach that affected 4.5 million patients throughout the country.

On Monday, Community Health Systems, a medical conglomerate of almost 200 hospitals -- including 10 in Arkansas -- reported to the U.S. Securities and Exchange Commission that China-based hackers had gained access to patients' information sometime in April and again in June. According to the report, information security firm Mandiant confirmed that the hackers did not access patient credit card or medical information. However, the data breach did compromise patient names, addresses, birth dates, telephone numbers and Social Security numbers.

Arkansas hospitals in Community Health Systems include the Northwest Arkansas Medical Centers in Bentonville and Springdale, the Willow Creek Women's Hospital in Johnson, Siloam Springs Regional Hospital, Forrest City Medical Center, Harris Hospital in Newport, Helena Regional Medical Center, the Medical Center of South Arkansas in El Dorado, the Sparks Regional Medical Center in Fort Smith and the Summit Medical Center in Van Buren. Sparks and Summit were not affected by the breach, according to previous Arkansas Democrat-Gazette reports.

Spokesmen for several of the affected hospitals said individuals whose personal information was compromised were patients not of the respective hospitals, but of clinics affiliated with the hospitals. Cathy Davis, spokesman for Siloam Springs Regional Hospital, said most of the breach risk seemed to be limited to patients of the hospital's internal medicine, ophthalmology, cardiac, and ear, nose and throat clinics, all of which are at satellite locations in Siloam Springs.

Similarly, Forrest City Medical Center spokesman Janet Benson said internal corporate communications from Community Health Systems indicated that only clinics affiliated with her hospital had been affected by the breach. She said she had not received any information from Community Health Systems indicating why clinics were primarily affected.

Rebecca Pearrow, a spokesman for Harris Hospital in Newport, in Jackson County, said that as of Tuesday, hospital administrators weren't sure any of their patients' data had been compromised.

"We're operating under the assumption they were, and we're approaching it as such," Pearrow said. She said the hospital has a maximum capacity of 133 beds, with a daily census of about 24 patients.

In the Securities and Exchange Commission report, Community Health Systems said it will send letters to each of the 4.5 million patients whose personal information may have been compromised, as well as create a hotline for patients to call with questions. A message at the number, (855) 205-6951, said the hotline will open at 8 a.m. CDT today.

Community Health Systems will also offer identity theft protection to patients affected by the breach. Community Health Systems spokesman Tomi Galin said the identity theft protection service will be paid for for one year, but she did not identify who would provide the service. Experian and Equifax, which are best known for providing consumer credit reports, are two of the largest providers of such services.

Arkansas Department of Health spokesman Kerry Krell said some of the information compromised in the breach was covered under the Health Insurance Portability and Accountability Act, commonly known as HIPAA. As such, any investigation into the breach by Arkansas authorities would likely be carried out by the Office for Civil Rights, Region 6, rather than the Health Department.

NW News on 08/20/2014

Upcoming Events