Owner of Commonwealth Health says Data for 4.5 Million Patients Hacked

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

FRANKLIN, TENN — Community Health Systems, the owner of Commonwealth Health in Northeastern Pennsylvania announced Monday that it was the target of a cyber attack affecting millions of patients’ data.

In a filing with the U. S. Security and Exchange Commission, one of the largest owners of hospitals in the United States reported that it believes the hacking happened in April and June of this year.  Investigators for CHS believe a group from China is responsible for the attack, using sophisticated technology.

Community Health Systems’ filing reported that the theft was believed to target valuable intellectual property such as medical and equipment data, but it is also believed that non-medical patient identification information was taken from the files of 4.5 million individuals. It impacts patients from the last 5 years who received services from physicians affiliated with the company.  That includes many doctors in Northeastern Pennsylvania.

Commonwealth Health owns Moses Taylor and Regional Hospital of Scranton in Scranton, Wilkes-Barre General Hospital, Tyler Memorial Hospital near Tunkhannock and First Hospital in Kingston.

Commonwealth Health locations in Pennsylvania.

Commonwealth Health locations in Pennsylvania.

Community Health Systems also owns Sunbury Community Hospital and Lock Haven Hospital in Central Pennsylvania.

In its SEC filing, the company said that the data stolen does not include medical or credit card information for patients, but does include their names, addresses, birth dates, phone numbers and Social Security numbers.  Community Health Systems says affected patients will be notified.

Commonweath Health released the following statement on the attack:

“The attack does not involve Commonwealth Health-affiliated hospital-specific data, Physicians Health Alliance, Great Valley Cardiology or InterMountain Medical Group practices.

Limited personal identification data belonging to some patients who were seen at the Berwick Medical Professionals practices, Wilkes-Barre Academic Medicine Clinic, Wyoming Valley Surgical Associates, Wilkes-Barre Neurosurgical Associates, Scranton Clinic Company and Wilkes-Barre Clinic Company over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder. The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and Social Security numbers.

Patients who have been affected will receive a letter from their physician’s office. A toll-free number (1-855-205-6951) has been set up to answer patients’ questions.

We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience this event may cause our patients. Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection.

Our organization believes the intruder was a foreign-based group out of China that was likely looking for intellectual property. The intruder used highly sophisticated methods to bypass security systems. The intruder has been eradicated and applications have been deployed to protect against future attacks. We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack.”

     Renita Fennick | Director of Communications | Commonwealth Health


  • tom

    Will the Chinese govt. do anything about this or will this just be written off like other countries who the US appears to be afraid of when dealing with certain situations.

    • Jim

      If past experience is any guide the Chinese government IS the one behind the hacking. So no, I don’t think they will be of any help in this matter.

  • laura

    The commonwealth replif about particular hospitals. They did not say anything about first hospital in kingston. And thats a behavioral hospital for emotional and mental illness patients. Easy prey! Not good

  • scran=tony

    Where will you be when the terrorists decide to swap rat poison with your heart meds? these mega corporations are ruining our communities!

  • JP

    This is the perfect example of why we should not be providing our SS# to anyone for any reason. Any other information that is needed to steal people’s identities are easier to come by in the State of PA thanks to recent disclosure laws enacted by Mr. Corbett. However Corbett, is exempt from having to disclose any of his personal information. Unlike the rest of us.

    • tom

      I do agree with you-we should ont be obligated to give out our SS# for any reason-especially in these times of computers running our personal business-forms-really running our lives.

  • Sue

    Why notify us now when it happened from April to June of this year. Great!! And no one has personally contacted us yet???

    • tom

      It’s a healthcare organization.If it’s anything like the way the old Mercy Hosp. was run-forget it. you probably won’t be notified.I bet you’d be notified within days if you owed them a copay.

  • Donna

    How are we going to be contacted/ Also, how will we know for sure its Commonwealth contacting us and not the hackers? They hacked all our information so how do we know??

Comments are closed.