Hackers broke into Community Health Systems, the company announced on Monday. The company runs 206 hospitals in 29 states. The hackers nabbed data of 4.5 million people — including Social Security numbers, names, birth dates, phone numbers and addresses. However, they were not able to gain access to credit cards, or health records.
Both patients and those referred to a Community Health Systems-run hospital within the last five years are affected by this security breach, CNN reports. The majority of Community Health Systems hospitals are located in Alabama, Florida, Mississippi, Pennsylvania, Texas, Tennessee and Oklahoma. All 4.5 million people, from all 29 states, are more vulnerable to identity theft.
Mandiant, a cyber-security company hired by Community Health Systems to consult on the break-in, determined that the hackers were located in China, and according to CNN, “used high-end, sophisticated malware to launch the attacks sometime in April and June this year.”
The FBI is also providing resources to thwart and apprehend the hackers, who the Bureau reports, had been spotted trying to access medical device information.
Community Health Systems reported that it has wiped the malware from its system, and installed security to prevent future attacks.
For those who were affected by the breach, Community Health Systems said it will notify patients. However, as CNN reports, it will do so according to varying state laws; therefore there is no overarching understanding of when or how much those affected will know.