4.5 Million Patients’ Information Stolen by Hackers


Community Health Systems Inc. (“CHS”), a Tennessee-based hospital provider, has reported it was the target of data hackers who were able to obtain identification information belonging to approximately 4.5 million CHS patients. According to some sources, this is the second-largest HIPAA breach ever. The company has been cooperating with federal law enforcement authorities pursuing the individuals responsible for hacking into CHS’s system. In response to this breach, CHS is working to notify the individuals whose information was stolen, assisting them with identity theft protection, and working with a security firm to thoroughly investigate the breach.

Healthcare providers that maintain or transmit electronic protected health information (“ePHI”) must not only be careful about how they use and disclose ePHI, they must also be wary of criminal attacks coming from outside their organization. Even simple identification information such as names, phone numbers, and social security numbers is protected by HIPAA. As part of ongoing HIPAA compliance, providers should assess and document the risk of breach of ePHI and the safeguards in place to prevent a breach. The more technical safeguards a provider has implemented for its ePHI (such as encryption, firewalls, and alerts for unauthorized or unusual access), the less likely hackers will be able to infiltrate records and, in the event they infiltrate anyway, the easier it is for a provider to make a good case that it took all reasonable steps to safeguard its patients’ PHI, or at least to mitigate harm caused by a breach. Providers must consider all aspects of HIPAA, including both the Privacy Rule and the Security Rule, and make sure their HIPAA compliance programs are operational and complete.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Benesch | Attorney Advertising
