U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June.
The company said the data, considered protected under the Health Insurance Portability and Accountability Act, included patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit card or medical information, Community Health Systems said in a regulatory filing.
It said the security breach had affected about 4.5 million people who were referred for or received services from doctors affiliated with the hospital group in the last five years.
The FBI warned healthcare providers in April that their cybersecurity systems were lax compared to other sectors, making them vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions, Reuters previously reported.