A healthcare system spanning 29 states announced on Monday that cybercriminals operating from China stole information on approximately 4.5 million patients, including names, birth dates, and Social Security numbers.
Community Health Systems, which comprises 206 facilities in the southern and western states, announced the incident in an 8-K filing submitted to the Securities and Exchange Commission (SEC). The data breach likely stems from compromises in April and June of this year, involved sophisticated malware, and is apparently connected to China, the company stated.
"The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company," CHS said in its 8-K filing. "Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack."