Translate this page

Fallbrook Hospital a victim of cyber attack; patient information compromised

Thursday, August 21st, 2014
Issue 34, Volume 18.
Debbie Ramsey
Managing Editor

Community Health Systems, Inc. (CHS), the company that currently operates Fallbrook Hospital has confirmed that it was the victim of an external, criminal cyber attack that occurred sometime in April and June of this year. CHS owns, operates, or leases 209 hospitals across the nation.

Details included in the United States Securities and Exchange Commission K8 form state that CHS and its forensic expert, Mandiant (a FireEye Company), believe the attacker was an "Advanced Persistent Threat" group originating from China who used highly sophisticated malware and technology to attack the company’s systems."

"The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company. Since first learning of this attack, the company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack. CHS also engaged Mandiant, who has conducted a thorough investigation of this incident and is advising the company regarding remediation efforts. Immediately prior to the filing of [the K8 form), CHS completed eradication of the malware from its systems and finalized the implementation of other remediation efforts that are designed to protect against future intrusions of this type."

"The company has been informed by federal authorities and Mandiant that this intruder has typically sought valuable intellectual property, such as medical device and equipment development data. However, in this instance, the data transferred was non-medical patient identification data related to the company's physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the company."

"CHS has Advertisement
Advertisement for Christ the King  Lutheran Church
[ Christ the King Lutheran Church ]
confirmed that this data did not include patient credit card, medical or clinical information; the data is, however, considered protected under the Health Insurance Portability and Accountability Act (HIPAA) because it includes patient names, addresses, birthdates, telephone numbers and social security numbers."

"The company is providing appropriate notification to affected patients and regulatory agencies as required by federal and state law. The company will also be offering identity theft protection services to individuals affected by this attack. The company carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature. While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, CHS does not believe this incident will have a material adverse effect on its business or financial results."

According to Monique Murphy-Mijares, director of public relations at Fallbrook Hospital:

"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."

"The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack."

"Many American companies and organizations have been victimized by foreign-based cyber intrusions. It is up to the federal government to create a national cyber defense that can prevent this type of criminal invasion from happening in the future."



Comment Profile ImageFraud Alert
Comment #1 | Thursday, Aug 21, 2014 at 1:13 pm
Concerned individuals can file a 90-day Fraud Alert which makes it more difficult to open a new line of credit under your name. You can click or call one of the 3 credit bureaus on this .gov website:
Comment Profile ImageZZZ
Comment #2 | Thursday, Aug 21, 2014 at 9:41 pm
Rady's Children Hospital called me and said an employee "accidentally" released our information as an attachment. They said some 22,000 people have been affected and offering one year of identity theft coverage but 'we' shouldn't be concerned!!

Believe me, it wasn't an accident. You have to 'try' to do something like this, it doesn't 'just' happen.
Comment Profile ImageWrenchers
Comment #3 | Friday, Aug 22, 2014 at 6:57 am
Well, this incident is no-where near as entertaining as the Tri City incident in which a disgruntled ex-employee rolled a cart out of the building containing 35,000
patient records.

Comforting, isn't it?
Comment Profile ImagePink
Comment #4 | Monday, Aug 25, 2014 at 9:54 am
Not nearly as bad as Obamacare, there is absolutely no protection against cyber crime with the ACA. Who knows who will see all your personal information, including social security numbers.

Article Comments are contributed by our readers, and do not necessarily reflect the views of The Fallbrook Village News staff. The name listed as the author for comments cannot be verified; Comment authors are not guaranteed to be who they claim they are.


Add your Comment


Images, Formatting, or HTML is not allowed : plain text only. You may post up to 5 website addresses within your comment.


The Fallbrook Village News has tightened its' policy regarding comments.
While we invite you to contribute your opinions and thoughts, we request that you refrain from using vulgar or obscene words and post only comments that directly pertain to the specific topic of the story or article.
Comments that are derogatory in nature have a high likelihood for editing or non-approval if they carry the possibility of being libelous.
The comment system is not intended as a forum for individuals or groups to air personal grievances against other individuals or groups.
Please, no advertising or trolling.
In posting a comment for consideration, users understand that their posts may be edited as necessary to meet system parameters, or the post may not be approved at all. By submitting a comment, you agree to all the rules and guidelines described here.
Most comments are approved or disregarded within one business day.

RSS FeedFacebookTwitter

Advertisement for Stellar Solar


Most Commented

Reach Local Customers

The Fallbrook Village News The Fallbrook Village News
760-723-7319 - 1588 S. Mission Rd. Suite 200, Fallbrook CA 92028
All contents copyright ©2015
About Us
Earthquake Information
Business Listings
Contact Us
Letter to the Editor
Report a website error
Online Digital Edition
RSS Feeds