Owner of area hospitals targeted by hackers

Last updated: August 18. 2014 11:39PM - 7339 Views
By - tkellar@timesleader.com

Story Tools:

Font Size:

Social Media:
More Info:

The cyber attack on Community Health Systems Inc. that affected 4.5 million patients nationwide is another of a series of setbacks the system of hospitals is facing.

• Two CHS-owned hospitals — Wilkes-Barre General Hospital and Berwick Hospital Center — were among 119 Community Health Systems facilities nationwide involved in a $98.15 million settlement to end a Department of Justice investigation. The settlement, announced on Aug. 4 by the DOJ and CHS , resolves multiple lawsuits alleging the company knowingly billed government health care programs for inpatient services that should have been billed as outpatient or observation services.

• The union filed unfair labor complaints against Wilkes-Barre Hospital Co. LLC in April, claiming it made numerous requests to the company for information in order to be able to bargain for a new contract. Attorneys for the Wyoming Valley Nurses Association, a local bargaining unit for Pennsylvania Skilled Nurses and Allied Professionals, testified before Administrative Labor Judge Susan Flynn at the National Labor Relations Board offices in Philadelphia on July 14.

• About 450 Wilkes-Barre General nurses who belong to the union went on strike for five days last month.

• On Dec. 3, 2013, the union held a 24-hour strike and was locked out two more days while temporary workers staffed their shifts.

• The nurses also held a 24-hour strike from Dec. 23 to 24 in 2010. They reached an agreement on May 3, 2011, and have been working under the terms of that contract that expired in April 2013.

WILKES-BARRE — A cyber attack on Community Health Systems Inc., which owns hospitals and medical practices in the Wyoming Valley and surrounding communities, has resulted in 4.5 million patients being affected nationwide.

According to a report the company filed Monday with the U.S. Securities and Exchange Commission, the attack took place in April and June.

CHS and its forensic expert, Mandiant, believe that the attacker was an “advanced persistent threat” originating from China. The group allegedly used highly sophisticated malware and technology to attack the company’s computer systems, and was able to bypass security measures to copy and transfer certain data from the company.

Based in Franklin, Tennessee, CHS owns or leases 206 hospitals in 29 states, including: Wilkes-Barre General Hospital; First Hospital in Kingston; Regional Hospital and Moses Taylor Hospital, both in Scranton; and Berwick Hospital and Tyler Memorial Hospital in Tunkhannock. In those hospitals, CHS spokeswoman Renita Fennick said there’s a workforce of about 6,000.

CHS has 20 affiliated hospitals across Pennsylvania, including in York, Philadelphia, Lancaster and Easton.

According to a statement CHS released late Monday afternoon, the attack does not involve Commonwealth Health-affiliated hospital-specific data, Physicians Health Alliance, Great Valley Cardiology or InterMountain Medical Group practices.

“Limited personal identification data belonging to some patients who were seen at the Berwick Medical Professionals practices, Wilkes-Barre Academic Medicine Clinic, Wyoming Valley Surgical Associates, Wilkes-Barre Neurosurgical Associates, Scranton Clinic Company and Wilkes-Barre Clinic Company over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder,” CHS said in the statement.

Breached data

The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and Social Security numbers, CHS said.

Patients who have been affected will receive a letter from their physician’s office. A toll-free number (1-855-205-6951) will be set up to answer patients’ questions.

“We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause our patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection,” CHS said.

CHS officials believe the intruder was a foreign-based group out of China that was likely looking for intellectual property.

“The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack,” CHS said.

The breached data is considered protected under the Health Insurance Portability and Accountability Act (HIPPA) because it includes patient names, addresses, birth dates, telephone numbers and social security numbers, CHS said.

CHS carries liability insurance to protect it against losses from cyber attacks, and company officials do not believe that the attack will have a negative affect on business or financial results.

Times Leader staff writer Steve Mocarsky contributed to this report.

All user comments are subject to our Terms of Service. Users may flag inappropriate comments.
comments powered by Disqus

Featured Businesses


Info Minute

Gas Prices

Wilkes-Barre Gas Prices provided by GasBuddy.com