Attorney General Patrick Morrisey announced a reported data breach of Community Health Systems Inc., on Monday afternoon. CHS is the parent agency of Williamson Memorial Hospital, as well as many other southern West Virginia hospitals. CHS announced it was selling Williamson Memorial earlier this year.
The company believes the breach, which originated in China, occurred in April and June 2014. The breaches resulted in the theft of personal information including patient names, addresses, birth dates, telephone numbers, and Social Security numbers of people who received treatment from doctors affiliated with the hospital group, or who were referred for services to the group, within the past five years.
The company reported the breach Monday in a filing with the U.S. Securities and Exchange Commission. Community Health Systems said in the filing that it is providing appropriate notification to affected patients and regulatory agencies as required by state and federal law, and it also will offer identity theft protection to patients who were affected by the breach.
“This announcement by Community Health Systems today can be unsettling for many of the people who received care at these hospitals,” Morrisey said. “Our Office will work to help protect those who may have their information compromised.”
While the company said it believes the cyber attackers were looking for information about medical devices and equipment development data rather than individual patient information, consumers should monitor their credit reports and billing statements closely.
“If you believe you were affected by this data breach, it will be very important to check your statements carefully,” Morrisey said. “Be on the lookout for things like being billed for medical items you never ordered or received, or if you’re being billed multiple times for certain procedures or items.”
Morrisey’s office issued a list of a few basic steps consumers can take to protect their identities. Those include:
• Monitor bank accounts and credit card statements to detect unauthorized charges.
• Read every statement or letter that comes from a doctor or health insurance provider, including ones that say “this is not a bill.” This is a good way to discover charges for unreceived treatments or products. Any questionable charges on the statements should be a sign to contact an insurer immediately.
• Check credit reports for new accounts or unrecognized creditors. All consumers are entitled to a free annual credit report from each of the three major credit bureaus — Equifax, Experian, and TransUnion.
• Place a fraud alert on the credit report. These free alerts last for 90 days and make it more difficult for a person to open up a line of credit in the user’s name.
If you believe you have been a victim of identity theft, call the Attorney General’s Consumer Protection Division at 800-368-8808 and the Federal Trade Commission at 1-877-438-4338 or go online to ftc.gov/idtheft.