Hospital Data Breach: What You Should Do Now

A map showing the locations of Community Health Systems facilities affected by the data breach. Credit: Community Health SystemsA map showing the locations of Community Health Systems facilities affected by the data breach. Credit: Community Health Systems

Someone has stolen records pertaining to 4.5 million U.S. residents from healthcare provider Community Health Systems, the company announced today (Aug. 18) in a regulatory filing. The stolen records include the names, Social Security numbers, home addresses, birth dates and telephone numbers of persons treated at or referred to Community Health Systems' facilities located across the United States.

This is a serious data breach, especially because Social Security numbers were stolen along with names and birth dates. Together, the three pieces of information are a jackpot for identity thieves. They cannot easily be changed as a password or email address can, and are often all that are needed to open a bank account or obtain a credit card.

However, there are still some things that persons affected by this data breach can do to protect themselves and their identities. 

MORE: What to Do If Your Social Security Number Is Stolen

Community Health Systems owns, operates or leases 206 hospitals in 29 states. Most of its hospitals are located in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas. You can check the full list of locations on the company website.

Anyone who has received treatment at a Community Health Systems hospital in the past five years, or has even been referred to one, is affected by the breach.

The culprits appear to be a "group originating from China who used highly sophisticated malware," according to the public report Community Health Systems filed with the U.S. Securities and Exchange Commission (SEC).

The SEC filing also states that Community Health Systems will provide "cyber/privacy liability insurance" for its patients. However, laws governing company liability to customers in case of a data breach change from state to state, making it difficult to know what to expect. 

If you can confirm that your Social Security number (SSN) has been stolen, the first thing to do is to contact each of the three major credit-reporting agencies: Equifax, TransUnion and Experian. Tell them your SSN has been stolen, and each will give you a free copy of your credit report.

Ask each credit-reporting agency to place a credit alert, which will be good for 90 days, on your file. During that time period, you will be notified if anyone tries to open an account in your name.

Next, report the theft to the Internal Revenue Service (IRS) on its website or via telephone at 1-800-908-4490. You're not done: Report the theft of the SSN to the Internet Crime Complaint Center and the Federal Trade Commission, and file a SSN theft report with your local police.

If your identity does end up being stolen, and continues to cause problems for several years, you can try to get a new Social Security number. But be warned: Doing so is not easy, and the government frequently turns down requests. You can read more about how to change your SSN in our guide.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
    Your comment
  • Shin-san
    Damn. It may get to the point where you just have to assume that your information has gotten breached.
  • Christopher1
    In a case like this, the government should not be allowed to deny someone a new SS number, period.