Community Health Systems said in a press release that protected information such as names, addresses, insurance information, medical information, birth dates and social security numbers of patients and employees may have been disclosed during the breach.
According to an SEC filing, the company estimates information about 1 million individuals may have been affected by the security breach. The company hasn't responded to questions about how many of those people were from Mississippi.
Fortra, a cybersecurity firm that works with the health care company to provide a file transfer software called GoAnywhere, reported that the data breach occurred between Jan. 28, 2023, and Jan. 30, 2023. Fortra took the impacted systems offline on Jan. 31, 2023, which stopped the unauthorized access to the system.
Forta said an "unauthorized party exploited a previously unknown vulnerability" to access the GoAnywhere system. They also said the FBI and other federal officials have been notified, and that any affected patients will get a letter with further information.
This is not the first time one of the company's subsidiaries, CHSPSC, LLC has dealt with a data breach related to patient information. In 2020, CHSPSC, LLC reached a $2.3 million settlement with the Department of Health and Human Services Office for Civil Rights over a data breach that revealed personal health information of 6 million patients in 2014.
An audit done by OCR of the 2014 breach found that CHSPSC had failed to implement security protections required by HIPPA rules. As a part of the 2020 settlement, CHSPSC agreed to implement and maintain a comprehensive information security plan to safeguard protected health information.
According to the office of Mississippi Attorney General Lynn Fitch, 210,582 Mississippians were affected by the 2014 breach and Mississippi received $141,333.90 in the settlement.
Patients who think they may have been affected by the 2023 breach can enroll in an Experian credit monitoring service provided by CHSPSC at no cost for 24 months, as required by state law.
For individuals who would like to enroll in these services or who have questions related to this incident, CHSPSC can be reached toll-free at 800-906-7947. The deadline to enroll is June 30, 2023.
Community Health Services currently operates nine hospitals in Mississippi.
© 2023 The Sun Herald (Biloxi, Miss.). Distributed by Tribune Content Agency, LLC.