Data breaches are a fact of life nowadays, so it’s not exactly surprising to learn of another hack in which more than 4.5 million medical patient records were recently stolen from Community Health, a Tennessee health care company.
One of the largest hospital groups in the country, Community Health has more than 200 hospitals located in 29 states. Federal authorities classify the Community Health attack as the largest of its kind in the United States involving patient information. It is suspected that Chinese hackers are responsible.
Cyber thieves are especially interested in patient data because it contains enough personal information to obtain prescription drugs and access personal banking records. In addition to Social Security numbers, the hackers gained access to names, addresses, birth dates and personal telephone numbers. The company believes the thievery occurred on its systems sometime in April or May of 2014. Here’s the initial news report from the Tennessean newspaper.
Community Health officials said all malicious software has been removed from its systems and security measures have been beefed up to prevent future thefts. Affected patients are being contacted by Community Health with offers of identity theft protection and warnings to monitor their online accounts for fraud.
HIPAA & Data Recovery
Medical and/or patient information must be protected under the federal Health Insurance Portability and Accountability Act (HIPAA), a law that mandates protection for individually identifiable health information. According to the law, health plans, health care clearinghouses, medical billing services and community health information systems must protect private data under threat of civil fines and criminal penalties.
It’s important to remember that any time your data is in someone else’s hands—or in someone else’s computer system—it may be at risk of loss or theft. As the world’s leading data recovery company, DriveSavers provides complete data security and confidentiality—guaranteed. DriveSavers operations are HIPAA-compliant and we guarantee all customer data in our care is safe and secure. No exceptions!
Is your organization compliant with the new HIPAA Omnibus?
You can talk to DriveSavers about our data security programs at the American Health Information Management Association’s (AHIMA) annual convention later this month. DriveSavers will be at Booth 1642 at the San Diego Convention Center for the AHIMA event Sept. 28-Oct. 1. Be sure to stop by our booth and ask us how we can help with HIPAA Omnibus compliance and electronic patient health information (ePHI) data security. You can also contact DriveSavers at 800.440.1904 and ask to speak to your account manager to execute a new Business Associate Agreement (BAA).