Two East Texas hospitals are caught up in a massive hacking scandal. Tennessee-based Community Health Systems announced Monday that records from its more than 200 hospitals were stolen by Chinese cyber attackers.
Longview Regional Medical Center and Lufkin's Woodland Heights Medical Center are both owned by CHS. The company made a legal filing saying it has known about the hacking since July; the actual attack occurred between April and June.
The pool of people potentially affected by this data breach includes anyone who has been cared for at a CHS facility in the last five years. The company said specific medical information is safe but the key ingredients for identity theft have been stolen. Letters will be going out to people affected by the breach.
Longview Regional and Woodland Heights aren't saying how many East Texas patients need to be worried, but a lot of people pass through those doors over the course of five years and former patient Lana Snider is preparing for the worst.
"I wish that they use their knowledge on how to do this for doing something good," she said when she learned about the hacking, adding that she's been the victim of identity theft in the past. "My checking account was got into and they wrote two checks right at Christmas time."
Hospital administrators said the information is limited to names, addresses, birth dates, phone numbers and social security numbers. They said medical records and credit card numbers are safe.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients," Longview Regional Medical Center Director of Marketing Libby Bryson said.
The hospital also believes there's a possibility no one is at risk for identity theft. CHS's assumption is that the thieves were after corporate secrets.
"Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property," Bryson said. "The intruder used highly sophisticated methods to bypass security systems."
At corporate headquarters in Tennessee, company leaders confirmed Monday that the digital leak had been plugged. Just not soon enough for people like Snider.
"I'll be watching everything from now on, you know, checking everything out on your checking account and anything else you have out there, you have to keep a watch on it," Snider said. "Credit reports, things like that."
Longview Regional's full statement is below:
"Limited personal identification data belonging to some patients who were seen at physician practices and clinics affiliated with Longview Regional Medical Center over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder. The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and social security numbers.
We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.
Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack.
Many American companies and organizations have been victimized by foreign-based cyber intrusions. It is up to the Federal Government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future.
Patients who are affected will receive a letter notifying them that their data was included and stated within the letter will be a phone number for them to utilize."