COLUMBUS, Ohio (WYTV) – The Better Business Bureau is warning of personal data theft attempts targeting those whose information may have been compromised by a July data breach at Community Health Systems, operator of three area hospitals.
The BBB said in a statement that it has received complaints from consumers who say they have been contacted by unknown people asking if they want credit protection in the wake of the CHS breach.
CHS is offering free credit protection to those affected by the breach through identity theft protection company Kroll and said that it and Kroll are sending letters, not calling consumers.
Thursday, Ohio Attorney General Mike DeWine urged Ohio residents who received services from or referrals to CHS in the past five years to check their credit reports.
The July security breach compromised patient information, including names, phone numbers and Social Security numbers, according to a government report.
CHS said they believed the attacker to be a group out of China using sophisticated technology to steal valuable information about approximately 4.5 million people, according to the report, filed with the U.S. Securities and Exchange Commission.
CHS operates Trumbull Memorial Hospital and Hillside Rehabilitation Hospital in Warren, Northside Medical Center in Youngstown, which are collectively known as ValleyCare Health System, and Affinity Medical Center in Massillon. It operates 206 hospitals in 29 states nationwide.
The company has been working with federal law enforcement and its security firm, Mandiant, to investigate the breach and said that the malware which caused the data to be leaked has been eliminated.
Federal authorities and Mandiant told CHS that the group has sought data on medical devices and equipment development in the past, but that in this case, the information was non-medical patient identification data.
The 4.5 million people affected are patients served by or referred to CHS.
CHS said the data did not include patient credit card, medical or clinical information but did include patient names, addresses, birth dates, telephone numbers and Social Security numbers.