By Hayley M. Cook
WILLIAMSON - Contrary to what other media outlets have reported, Williamson Memorial Hospital is not one of 200 hospitals affected by the recent security data breach of Community Health Systems which resulted in the theft of patient information from 4.5 million people, acccording to the hospital’s administration.
Hospital Administrator Cindy Segar-Miller told the Daily News on Tuesday that the hospital was not affected.
Segar-Miller said, “The Williamson Memorial Hospital and Williamson Physician Management Group were not affected by the data branch. I can confirm that we have not been affected.”
The three CHS hospitals in Southern West Virginia that have been affected include Bluefield Regional Medical Center, Greenbrier Valley Medical Center in Ronceverte and Plateau Medical Center in Oak Hill.
The hospitals are controlled by Community Health Systems, based in Franklin, Tennessee. The company said in a filing with the U.S. Securities and Exchange Commission on Monday that information regarding about 4.5 million patients was taken from its computer network earlier this year, possibly in April and June.
The company said no medical or credit card records were retrieved in the attack, but the attackers did bypass security systems to take patient names, addresses, birth dates, telephone numbers and Social Security numbers. This information is protected under federal health privacy law and, according to Community Health, the company “is providing appropriate notification to affected patients and regulatory agencies as required by federal and state law.”
West Virginia Attorney General Patrick Morrisey released a statement Tuesday to warn West Virginians about the incident, which went viral Monday and climbed to the top of the “trending” page on Facebook.
“This announcement by Community Health Systems today can be unsettling for many of the people who received care at these hospitals,” Morrisey said. “Our office will work to help protect those who may have their information compromised.
“If you believe you were affected by this data breach, it will be very important to check your statements carefully,” Morrisey said. “Be on the lookout for things like being billed for medical items you never ordered or received, or if you’re being billed multiple times for certain procedures or items.”
Morrisey also suggested that consumers contact any of the three major credit bureaus - Equifax, Experian, or TransUnion - for a free annual credit report.
The information that was taken came from patients who were referred to, or received care from, doctors tied to the company over the past five years.
Community Health has confirmed that they will provide identity theft protection to those who were affected by the attack.
The company said it believes the attack came from a group in China that used sophisticated malware and other technology to retrieve the information. Community Health has since removed the malware from its system, and finalized “other remediation efforts” to prevent future attacks just before reporting the problem to the SEC.
The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp. Last year, hackers stole about 40 million debit and credit card numbers and personal information for 70 million people from Target.
Morrisey said that if someone believes they are a victim of identity theft, they should call the Attorney General’s Consumer Protection Division at 800-368-8808 and the Federal Trade Commission at 877-438-4338, or go online to www.ftc.gov/idtheft.