Consumer Protection Hotline:
1-800-368-8808
Senior Protection Hotline: 304-558-1155
Medicaid Fraud Hotline:
1-888-372-8398

Community Health Systems Data Breach Information

September 4, 2014 Update

Attorney General Patrick Morrisey is encouraging all West Virginia residents who were referred to or received services from physicians affiliated with Community Health Systems, Inc. in the past five years to review their credit reports and accounts for possible unauthorized activity, and take advantage of one year of free credit monitoring being offered by the company. 

CHS recently sent letters to individuals whose information was taken in this cyber-attack informing them about the data breach and how to enroll in free identity theft protection and credit monitoring services.  Affected consumers can expect to receive a notification letter from CHS in the near future. If a consumer actually becomes a victim of identity theft because of the breach, restoration services will be provided free of charge.
 
Consumers with questions or concerns about this cyber-attack are encouraged to contact 1-855-205-6951 toll-free. 

August 20, 2014 Update

The company has said the information accessed was non-medical patient identification data related to Community Health Systems' physician practice operations, so the breach affected only clinics and physicians' offices, and not the hospitals directly. Additionally, the company said no medical, health, or financial information was stored on the data servers that were breached in the attack.

Community Health Services is working with Kroll, a risk management company, to set up a website and toll-free number for consumers who were affected by this security breach or have questions about the incident. Additionally, the company said it will offer identity theft protection to those patients who have been identified as victims of the security breach. Kroll will begin sending letters to those patients today. For information, consumers can visit http://kroll.idmonitoringservice.com or call 1-855-205-6951.

Our Office will continue to update consumers on this important issue.

August 18, 2014

On Monday, August 18, Community Health Systems Inc. reported a breach of patient dataThe breach affects clinics and physicians offices in West Virginia including Bluefield Medical Group, Greenbrier Valley Medical Center, Oak Hill Medical Corp., Oak Hill Hospital Corp., Ronceverte Physicians Group, Evanston Clinic Corp., and Evanston Hospital Corp. 

The company believes the breach, which originated in China, occurred in April and June 2014. The breaches resulted in the theft of personal information including patient names, addresses, birth dates, telephone numbers, and Social Security numbers of people who received treatment from doctors affiliated with the hospital group, or who were referred for services to the group, within the past five years. As many as 4.5 million people are believed to have been affected.

The company has stated that it is providing proper notification to affected parties and regulatory agencies as required by state and federal law. Additionally, the company will offer identity theft protection to patients who were affected by the security breach. Since Community Health Systems first learned about the attack, it has worked with federal law enforcement and computer security experts to identify the source and take protective measures to prevent future intrusions of this type.

To read the Office's Consumer Alert about this issue, click here.

If you believe you have been affected by this data breach, call the Attorney General's Consumer Protection Division at 1-800-368-8808, or file an online complaint here.