Cyber attack may affect area physicians' patients

A company affiliated with area physicians has identified a cyber attack that is being investigated by the FBI.

Patients who received services from Marion Physician Services LLC, affiliated with Community Health Systems Professional Services Corporation, have been notified of an external cyber attack.

Christi Meggs, director of human resources for Carolinas Hospital System - Marion, the parent company of Marion Physician Services, stated that this attack is believed to come from an 'Advanced Persistent Threat' group originating from China sometime between April and June.

The breech may have caused patient information including names, addresses, birth date, Social Security number, and possibly phone numbers and names of employers or guarantors to be transferred, she said.

Meggs confirmed information in a letter that Marion Physician Services LLC sent to patients that states that 'to the best of CHSPSC's knowledge, no credit card, financial, medical or clinical information was taken.'

If a patient's information was affected, he or she will receive a letter in the mail, Meggs stated.

She said CHSPSC is working with the Federal Bureau of Investigation (FBI) on this matter and investigators don't think that the information was taken for financial reasons or identity theft.

'They think the group was looking for intellectual property like medical device data and things like that,' she said.

She said this cyber attack could have affected about four million people nationwide, but she did not know how many people in South Carolina might be affected.

The FBI did not respond by press time.
Meggs added that she, too, received a letter in the mail about the cyber attack, but she has not seen any activity in her personal accounts.

Meggs said she recommends that people use identity theft protection services, just as they would buy health insurance.

'If your employer offers that, consider it,' Meggs stated.

'It is a new world we are living in.'
CHSPSC warns people not to provide any personal information in response to any calls or e-mails, and states that none of the companies involved will call or e-mail patients requesting information.

'We are committed to the privacy of your personal information, and regret the stress and worry this situation may have caused you,' the letter states.

CHSPSC is a Tennessee company that provides management, consulting and information technology services to Marion Physician Services LLC.

In July, CHSPSC confirmed that its computer network was the target of an external, criminal attack.

'The attacker successfully bypassed the company's security measures and copied and transferred some data,' the letter states.

'Since first discovering the attack, CHSPSC has worked closely with federal law enforcement authorities in connection with their investigation of the matter. CHSPSC also engaged outside experts to conduct a thorough investigation of this incident. The attacker no longer has access to CHSPSC's systems.'

CHSPSC has implemented additional audit and surveillance technology to detect unauthorized intrusions, adopting advanced encryption technologies and requiring users to change their access passwords.

They are providing patients the opportunity to sign up for identity theft protection through Kroll Identification Monitoring Service, free of charge for one year, the letter states.

Source: www.southstrandnews.com