Hackers Steal Data Of 4.5 Million US Hospital Patients
itwbennett (1594911) writes Community Health Systems said the attack occurred in April and June of this year, but it wasn't until July that it determined the theft had taken place. Working with a computer security company, it determined the attack was carried out by a group based in China that used 'highly sophisticated malware' to attack its systems. The hackers got away with patient names, addresses, birthdates, telephone numbers and Social Security numbers of the 4.5 million people who were referred to or received services from doctors affiliated with the company in the last five years. The stolen data did not include patient credit card, medical, or clinical information.
That is a very common misunderstanding. HIPAA only applies to "covered entities." That includes healthcare clearinghouses, health plans, and healthcare providers that transmit your information electronically. For example, the hospital I work for accidentally put thousands of records on a public web site, but because we didn't at the time transmit that information electronically to others as a normal part of our business, it wasn't a HIPAA violation. Another example is a collection agency. HIPAA doesn't apply to them either. HIPAA only protects your information in a small number of the use cases.