The personal information of 4.5 million patients was stolen earlier this year in a data breach at Community Health Systems, a large chain of hospitals that includes Bayfront Medical St. Petersburg and 25 other Florida hospitals, according to an SEC report filed Monday.
Names, addresses, birth dates, telephone numbers and Social Security numbers were stolen from the computer network of the company, whose Florida locations includes Bartow Regional Medical Center, Lake Wales Medical Center and Bayfront Health Spring Hill.
The attack occurred in April and June and originated in China from a group using “highly sophisticated malware and technology” to break into its network and copy and transfer the information, according to the Security and Exchange Commission report.
The information came from patients who’d been referred to or seen by some physicians affiliated with some of the company's hospital in the past five years.
"Limited personal identification data belonging to some patients who were seen at physician practices and clinics affiliated with Bartow Regional and Heart of Florida over the past five years was transferred out of our organization in a criminal cyber attack by a foreign-based intruder," a company official said in an e-mail to ABC Action News.
The company says it removed the malware and has implemented safeguards to prevent future attacks. It will offer identity theft protection to victims.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients," a company official said. "Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."