Hackers gain access to 4.5 million patients records, includes Oklahoma hospitals
One of the nation's leading hospital operations companies announced Monday it was hacked. Community Health Systems says personal information for about 4.5 million patients may be at risk. CHS manages hospitals all across the country and in Oklahoma.CHS says the breach affects those who, in the last five years, were referred for or received services from physicians affiliated with the company.Community Health Systems lists the following hospitals in Oklahoma:Deaconess Hospital in Oklahoma City, Midwest Regional Medical Center in Midwest City, INTEGRIS Clinton Regional Hospital in Clinton, INTEGRIS Blackwell Regional Hospital in Blackwell, INTEGRIS Marshall County Medical Center in Madill, INTEGRIS Mayes County Medical Center in Pryor, INTEGRIS Seminole Medical Center in Seminole, Medical Center of Southeastern Oklahoma in Durant, Ponca City Medical Center in Ponca City, Woodward Hospital in Woodward.CHS said in a statement to Fox 25, it was the target of an external, criminal cyber attack that happened sometime between April and June of this year. The company believes a group from China used highly sophisticated malware to attack the company's system.Both Midwest Regional and Integris confirmed that they are not affected by the breach. Deaconess says patients seen at Physicians Services clinics may be at risk.Deaconess Hospital spokeswoman Emily Kezbers released this statement regarding the report:"Limited personal identification data belonging to patients seen at Deaconess Physician Services clinic corporation was transferred out of our organization in a criminal cyber attack. The breach did not affect patients of Deaconess Hospital. The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and social security numbers. We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause for our patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack. Many American companies and organizations have been victimized by foreign-based cyber intrusions. It is up to the Federal Government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.""If you see something pop up today, call your financial institution today and say this is not a charge that I made," said President and CEO of the BBB of Central Oklahoma Kitt Letcher.Letcher says if you think you're at risk because of a company data breach, first and foremost call and notify your bank. The bank can be on the lookout for suspicious charges."Another good idea is to also contact the three major credit bureaus and tell them that you feel like you've had an identity breach. Maybe somebody has your information," Letcher said.Letcher says there's no need to panic and cancel your credit and debit cards right now, just keep a close eye on your statements. That way if something does happen, you can catch it early."Taking the time to really monitor your stuff and make sure that you're doing your due diligence as well is going to be important."Deaconess officials say all affected patients will be notified by letter and offered free identity theft protection. Community Health Systems says it is working with federal authorities to prosecute those found responsible.