Community Health Systems, which operates several hospitals in the Chester County area, said a cyberattack believed to be from China may have compromised patient information.
The corporation said it is cooperating with law enforcement agencies to investigate the matter.
Community Health hospitals in the area are Brandywine, Jennersville Regional, Phoenixville and Pottstown Medical Center. The corporation operates 206 hospitals nationwide in 29 states.
The Franklin, Tennessee, company said Monday that no medical or credit card records were taken in the attack, which may have happened in April and June. But Community Health said the attack did bypass its security systems to take patient names, addresses, birthdates, and phone and Social Security numbers.
Teresa Rougeaux, a spokeswoman for Jennersville Regional Hospital, said the corporation will notify all patients affected. “We’re still waiting for an official notice,” she said. The company said the intrusions affected different hospitals to different degrees, she said.
The hospital operator said it believes the attack came from a group in China that used sophisticated malware and technology to get the information. Community Health has since removed the malware from its system and finalized “other remediation efforts” to prevent future attacks.
Community Health Systems filed notice of the attack with the Securities and Exchange Commission Monday.
The corporation said it has liability insurance to cover any breaches of data affecting patients and will offer them identity theft protection services.
The attack follows other high-profile data security problems that have hit retailers like the e-commerce site eBay and Target Corp. Last year, hackers stole from Target about 40 million debit and credit card numbers and personal information for 70 million people.