Hospital network hacked, 4.5 million records stolen – PA Included!

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
Hospital Network Hacked

Hackers have taken 4.5 million Social Security numbers from patients who attended any one of Community Health Systems' 206 hospitals this year, including Pennsylvania locations.

Hospital Network Hacked

Hackers have taken 4.5 million Social Security numbers from patients who attended any one of Community Health Systems’ 206 hospitals this year, including Pennsylvania locations.

UPDATE: Memorial Hospital representative tells us the hospital is not affected, but affiliated physician practices are. We are still unsure which practices those are.

Carlisle Regional Medical Center, Lancaster Regional Medical Center and Heart of Lancaster Regional Medical Center were not affected, according to a spokesperson from Heart of Lancaster Regional Medical Center.

Jose Pagliery, NEW YORK (CNNMoney) — Community Health Systems, which operates 206 hospitals across the United States, announced on Monday that hackers recently broke into its computers and stole data on 4.5 million patients.

Hackers have gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers.

Anyone who received treatment from a network-owned hospital in the last five years — or was merely referred there by an outside doctor — is affected.

The large data breach puts these people at heightened risk of identity fraud. That allows criminals to open bank accounts and credit cards on their behalf, take out loans and ruin personal credit history.

The company’s hospitals operate in 28 states but have their most significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas.


  1. Berwick Hospital Center – Berwick, Pennsylvania
  2. Brandywine Hospital – Coatesville, Pennsylvania
  3. Carlisle Regional Medical Center – Carlisle, Pennsylvania
  4. Chestnut Hill Hospital – Philadelphia, Pennsylvania
  5. Easton Hospital – Easton, Pennsylvania
  6. First Hospital Wyoming Valley – Kingston, Pennsylvania
  7. Heart of Lancaster Regional Medical Center – Lititz, Pennsylvania
  8. Jennersville Regional Hospital – West Grove, Pennsylvania
  9. Lancaster Regional Medical Center – Lancaster, Pennsylvania
  10. Lock Haven Hospital – Lock Haven, Pennsylvania
  11. Memorial Hospital – York, Pennsylvania
  12. Moses Taylor Hospital – Scranton, Pennsylvania
  13. Phoenixville Hospital – Phoenixville, Pennsylvania
  14. Pottstown Memorial Medical Center – Pottstown, Pennsylvania
  15. Regional Hospital of Scranton – Scranton, Pennsylvania
  16. Sharon Regional Health System – Sharon, Pennsylvania
  17. Special Care Hospital – Nanticoke, Pennsylvania
  18. Sunbury Community Hospital – Sunbury, Pennsylvania
  19. Tyler Memorial Hospital – Tunkhannock, Pennsylvania
  20. Wilkes-Barre General Hospital – Wilkes-Barre, Pennsylvania

Community Health Systems hired cybersecurity experts at Mandiant to consult on the hack. They have determined the hackers were in China and used high-end, sophisticated malware to launch the attacks sometime in April and June this year.

Federal investigators and Mandiant told the hospital network those hackers have previously been spotted conducting corporate espionage, targeting valuable information about medical devices.

But this time, the hackers stole patient data instead. Hackers did not manage to steal information related to patients’ medical histories, clinical operations or credit cards.

Still, the lost personal information is protected by the Health Insurance Portability and Accountability Act, the federal health records protection law. That means patients could sue the hospital network for damages.

Shares of the publicly-traded Community Health Systems edged lower Monday morning. But the company tried to stem worries about the damages in a filing Monday with the Securities and Exchange Commission, saying that it “carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature.”

The hospital network said that, it managed to wipe the hackers’ malware from its computer systems and implemented protections to prevent similar break-ins.

The network plans to offer identity theft protection to the 4.5 million victims of the data breach.

1 Comment

  • Sandy

    Thanks for the news but it doesn’t give any info on who to contact if affected. If you have any please share a lot of us would love to know.

Comments are closed.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.