Patient’s Nightmares Confirmed: DATA BREACH at CHS
August 18, 2014
From CNN Money
Community Health Systems (CHS), which operates 206 hospitals across the United States, announced on Monday that hackers recently broke into its computers and stole data on 4.5 million patients.
Well, this confirms anyone’s concern over of physician’s offices and hospitals moving to electronic records (EMR/EHR) as hackers gained access to patient names, addresses, phone numbers and Social Security Numbers.
Who all is in jeopardy?
Anyone patients seen by any of the 206 hospitals or their hospital owned physicians over the last five years.
What does it mean for those patients?
Any patient whose data was on the hospital database is subject to identity fraud (talking about adding insult to injury).
What’s being done?
The FBI said it’s working closely with the hospital network and “committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators.
Still, the lost personal information is protected by the Health Insurance Portability and Accountability Act (HIPAA), the federal health records protection law. That means state attorneys general could sue for damages. Under state laws, patients themselves could sue the hospital network for negligence. Well that’s swell but will the Attorney General award any of the damages to the injuried parties? Something it might be worth contacting an attorney about if your data was used fraudulently.
Sadly, until The DOJ makes an example of one hospital system this is going to become more common.
What can patients do to protect themselves in the future?
Don’t leave any unnecessary information on file with any hospital or doctor’s office including banking or credit card information.
Get a copy of your credit report immediately and report anything suspect, also report that information to the hospital CEO and the Attorney General’s (AG’s) office.
Cancel any credit cards or bank accounts if you did have on file. Not sure? Call the hospital or doctor’s office and ask them to verify (or ask for a copy of your records-it’s a good idea to have those anyway).
Ask if the facility can just keep the last 4 of your Social Security Number on file and bring proof of the full number each appointment to verify. They could deny your appointment if you don’t have proof; but, taking control of your healthcare and personal security are worth a little extra work on your end.