The health-care provider said in a regulatory filing it believes hackers based in China absconded with 4.5 million pieces of “non-medical patient identification data related to [its] physician practice.”
The attacks occurred in April and June. The dataset was made up of patient names, addresses, birthdates, telephone numbers and social security numbers from individuals who used or were referred to the physicians’ service over the past five years.
It didn’t include medical or clinical information, or credit card numbers. Still, the information is considered protected under Health Insurance Portability and Accountability Act, better known as HIPAA. The Franklin, Tenn.-based firm said it will provide affected customers with identity theft services free of charge. More