
Community Health Systems Professional Services Corporations (CHSPSC), LLC

Your Personal Info Could Be Exposed Online After This Hospital Breach

Breach Description

In 2014, Community Health Systems Professional Services Corporation (CHSPSC), LLC, experienced a significant data breach that impacted approximately 6.1 million patients. This breach was a result of a cyberattack by Chinese hackers who utilized advanced malware to access and exfiltrate patient data, including names, birthdates, Social Security numbers, phone numbers, and addresses, between April and June 2014. Notably, credit card details and medical data were not compromised in this breach[1][6].

Following the breach, CHSPSC faced legal and financial repercussions. The company agreed to pay $5 million to settle investigations by 28 state attorneys general into the breach. This settlement was announced in October 2020 and was part of a broader effort to address the fallout from the breach, which also included a $3.1 million settlement of a class action lawsuit with affected patients in February 2019[1].

Additionally, CHSPSC agreed to a $2.3 million settlement with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) for violations related to the breach. This settlement was announced in September 2020 and was notable for being one of the largest HIPAA violation fines of that year. The OCR’s investigation found systemic noncompliance with the HIPAA Security Rule at CHSPSC, including failures to conduct a risk analysis and to implement information system activity review, security incident procedures, and access controls[6][10].

As part of the settlements, CHSPSC was required to implement and maintain a comprehensive information security program designed to safeguard personal and protected health information. This program includes specific security measures such as developing a written incident response plan, incorporating security awareness and privacy training for all personnel with access to protected health information, limiting unnecessary or inappropriate access to such information, and implementing policies and procedures regarding business associates[1][6].

These legal and financial settlements underscore the significant consequences of failing to protect sensitive patient information and the importance of adhering to data protection regulations such as HIPAA. They also highlight the growing threat of cyberattacks on healthcare organizations and the need for robust cybersecurity measures to protect against such threats.

Citations:

  1. https://www.fiercehealthcare.com/tech/chs-to-pay-5m-to-28-states-to-settle-2014-data-breach
  2. https://attorneygenerallynnfitch.com/2020/10/08/ag-fitch-obtains-judgment-in-community-health-systems-data-breach/
  3. https://www.bizjournals.com/nashville/news/2023/02/14/cyber-attack-exposes-data-of-chs-patients-forta.html
  4. https://www.hipaajournal.com/march-2023-healthcare-data-breach-report/
  5. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/chspsc/index.html
  6. https://www.infosecurity-magazine.com/news/chspsc-agrees-2m-data-breach/
  7. https://www.databreaches.net/community-health-systems-estimates-1-million-patients-impacted-by-vendors-goanywhere-breach/
  8. https://www.naplesnews.com/story/news/2023/05/11/more-than-1-2-million-patients-face-risks-after-data-breach-at-chs/70198714007/
  9. https://www.hipaajournal.com/community-health-systems-pays-5-million-to-settle-multi-state-breach-investigation/
  10. https://www.hipaajournal.com/business-associate-fined-2-3-million-for-breach-of-6-million-records-and-multiple-hipaa-failures/
  11. https://www.scag.gov/about-the-office/news/attorney-general-alan-wilson-obtains-judgment-resolving-community-health-systems-data-breach-investigation/
  12. https://www.lanereport.com/131716/2020/10/attorney-general-announces-nearly-5-million-multi-state-settlement-with-chs-community-health-systems-inc-for-data-security-breach/
  13. https://www.tn.gov/attorneygeneral/news/2020/10/8/pr20-44.html
  14. https://www.campussafetymagazine.com/news/chs-community-health-systems-to-pay-5m-for-data-breach/
  15. https://williamsonsource.com/franklin-based-health-company-experiences-cyber-attack-exposes-info-of-1m-patients/
  16. https://www.pahomepage.com/news/data-breach-impacts-community-health-systems-hospitals/
  17. https://www.myfloridalegal.com/newsrelease/judgment-obtained-resolving-data-breach-investigation
  18. https://www.idstrong.com/data-breaches/chspsc-llc-breach/
  19. https://ncdoj.gov/attorney-general-josh-stein-announces-5-million-settlement-with-community-health-systems/
  20. https://www.bankinfosecurity.com/chs-to-notify-1-million-in-breach-linked-to-software-flaw-a-21405
  21. https://www.careersinfosecurity.com/more-breach-fines-for-community-health-systems-a-15142

Breach Submission Date: Mar 16, 2023
Converted Entity Name: Community Health Systems Professional Services Corporations (CHSPSC), LLC
Converted Entity Type: Business Associate
State: TN
Individuals Affected: 962,884
Breach Type: Hacking/IT Incident
Breach Information Location: Network Server
Business Associate Present: Yes