Community Health Systems, parent company of Tomball Regional Medical Center, announced Aug. 19 that its computer network fell victim to a criminal cyberattack believed to have occurred in April and June 2014, according to a filing with the Securities and Exchange Commission.
Approximately 4.5 million patients who received services from Community Health Systems' 206 hospitals in 29 states within the last five years were affected by the attack. The attack, which is believed to have originated in China, used highly sophisticated malware and technology, according to the filing with the SEC.
In the filing, Community Health Systems confirmed the data targeted did not include credit card, medical or clinical information. However, the attacker gained access to information protected by the Health Insurance Portability and Accountability Act, which include patient names, addresses, birthdates, telephone numbers and Social Security numbers.
Although the number of patients at TRMC who were affected by the attack have not been released, TRMC Marketing Coordinator Sylvia Saumell said the hospital will send letters to the affected parties no later than Aug. 30.
"We have no reason to believe the information will be used, but those affected will be notified by letter and offered free identity theft protection," Saumell said.
Community Health Systems has eradicated the malware from its systems and has implemented additional efforts to protect its system from future attacks, according to the filing.
Community Health Systems could not be reached for comment.