CHARLESTON - Attorney General Patrick Morrisey is warning consumers about a data breach reported by Community Health Systems Inc., the parent company of four hospitals in southern West Virginia: Bluefield Regional Medical Center, Greenbrier Valley Medical Center in Ronceverte, Plateau Medical Center in Oak Hill, and Williamson Memorial Hospital, which CHS announced it was selling earlier this year.
The company believes the breach, which originated in China, occurred in April and June 2014. The breaches resulted in the theft of personal information including patient names, addresses, birth dates, telephone numbers, and Social Security numbers of people who received treatment from doctors affiliated with the hospital group, or who were referred for services to the group, within the past five years.
The company reported the breach Monday, in a filing with the U.S. Securities and Exchange Commission. Community Health Systems said in the filing that it is providing appropriate notification to affected patients and regulatory agencies as required by state and federal law, and it also will offer identity theft protection to patients who were affected by the breach.
"This announcement by Community Health Systems today can be unsettling for many of the people who received care at these hospitals," Morrisey said. "Our Office will work to help protect those who may have their information compromised."
While the company said it believes the cyber attackers were looking for information about medical devices and equipment development data rather than individual patient information, consumers should monitor their credit reports and billing statements closely.
"If you believe you were affected by this data breach, it will be very important to check your statements carefully," Morrisey said.
"Be on the lookout for things like being billed for medical items you never ordered or received, or if you're being billed multiple times for certain procedures or items."
There are a few basic steps consumers can take to protect their identities, including:
- Monitor your bank account and credit card statements to detect unauthorized charges.
- Read every statement or letter that comes from your doctor or health insurance provider, including ones that say "this is not a bill." This is a good way to discover charges for treatments or products you didn't receive or order. If you notice any questionable charges on the statements, contact your insurer immediately.
- Check your credit report for new accounts or creditors you do not recognize. All consumers are entitled to a free annual credit report from each of the three major credit bureaus - Equifax, Experian, and TransUnion
- Place a fraud alert on your credit report. These free alerts last for 90 days and make it more difficult for a person to open up a line of credit in your name.
If you believe you have been a victim of identity theft, call the Attorney General's Consumer Protection Division at 800-368-8808 and the Federal Trade Commission at 1-877-438-4338 or go online to www.ftc.gov/idtheft.