A healthcare company that runs six hospitals in Alabama announced Thursday that patient and other information may have been disclosed during a cybersecurity “incident” in January. Among the personal information possibly disclosed includes full names, addresses, medical billing and insurance information, medical information like diagnoses and medication and demographic information such as dates of birth and Social Security numbers, according to Community Health Systems, Inc.
The company, whose hospitals in the state include Gadsden Regional Medical Center, Grandview Medical Center in Birmingham and Crestwood Medical Center in Huntsville, said the cybersecurity firm it contracts with to provide secure file transfer software became aware of the incident on the night of Jan. 30. The actual incident occurred sometime between Jan. 28 and Jan. 30, CHS said. Fortra, the cybersecurity firm, took down impacted systems offline on Jan. 31. CHS was told of the incident on Feb. 2, the company said, and the healthcare provider began its own investigation.
The healthcare company’s investigation so far has determined that personal information on “patients, a limited number of employees, and other individuals may have been disclosed to the unauthorized party as a result of the Fortra incident,” CHS said. CHS said it would provide identity restoration and credit monitoring services for free for two years among those that request it. Those wishing to enroll in those services or those with questions on the incident were asked to call 1-800-906-7947. That number is available Monday through Friday from 8 a.m. to 10 p.m. and on Saturday and Sunday from 10 a.m. to 7 p.m.