Almost five million hospital patients had their personal information stolen by hackers thought to be from China, Community Health Systems announced Monday.
The company, one of the largest hospital groups in the country, said in a regulatory filing Monday that 4.5 million hospital patients had their data stolen in the breach, Reuters reports. That includes names, addresses, birth dates, telephone numbers and Social Security numbers, according to Reuters, but doesn’t extend to medical information.
The information was likely stolen in April and June and the company says it has removed the malware from its systems. Unlike other high-profile data breaches, however, the hackers weren’t able to steal credit card information or medical data. Community Health Centers operates 206 hospitals in 29 different states.
According to Community Health Systems’ spokeswoman Tomi Galin, the cyber attack was likely done by Chinese hackers because forensics experts at a unit of FireEye and federal law enforcement officials believe the “methods and techniques” used in the breach had telltale signs of a known group of hackers operating in China.
The hospital company is current contacting all patients who were affected by the attack. An FBI spokesman confirmed to Reuters that the federal agency is already investigating the breach.
Washington is increasingly worried about the vulnerability of health care information to cyber attacks, both at private companies and in federal programs. The Affordable Care Act’s data sharing system, the Federal Services Data Hub, sends personally identifying information across federal and state agencies, including the type of data stolen in the attack on Community Health Systems and more.
IT security experts have warned that the data hub and large private stores of patient information are a likely target for cyber attacks. (RELATED: Experts: Obamacare Will Lead To Massive Spying On US Health Records)