SEBRING — A limited amount of information regarding patients seen at physicians’ practices and clinics affiliated with Highlands Regional Medical Center may have been obtained by Chinese hackers, according to a statement from the hospital.
Highlands Regional Medical Center said that the breach involved information obtained during the past five years.
“The transferred information did not include any medical information or credit card information, but it did include names, addresses, birthdates, telephone numbers and Social Security numbers,” the statement said.
Susan Reed, marketing director for Highlands Regional, said no hospital patient records were affected.
In a filing with the U.S. Securities and Exchange Commission, Community Health Systems, the owner of Highlands Regional, said the breach affected 4.5 million people who received services from a physician’s office or clinic affiliated one of the hospitals owned by Community. Other hospitals included Munroe Regional Medical Center in Ocala and Shands hospitals in Starke, Live Oak and Lake City, according to press reports.
The breach was first discovered in July and a resulting investigation by a computer forensic expert led to the belief that “the attacker (hacker) was an ‘Advanced Persistent Threat,’ group originating from China who used highly sophisticated malware and technology to attack the Company’s systems,” the filing said. “The attacker was able to bypass the company’s security measures and successfully copy and transfer certain data outside the company.”
Since then, the company has had the malware removed, taken other steps to protect the system and has cooperated with federal authorities, the filing said.
Highland Regional’s statement said that all the physician and clinic patients were notified of the breach and offered free identity theft protection.
Highlands Regional said it believes the federal government needs to develop a national cyber defense to prevent future computer hacking from foreign sources.
Earlier this year in an unrelated incident, Highlands County Sheriff Susan Benton said federal authorities were investigating incidents that may have involved former Highlands Regional employees having stolen information from patient records at the hospital.
The information that involved 400 to 500 residents of Highlands County was used to file fraudulent income tax returns, authorities said.
Highlands Regional officials declined to comment on that matter.