Community Health Systems Inc, one of the biggest U.S. hospital groups, said it was attacked by hackers originated in China, and personal data belonging to 4.5 million patients were stolen.
The stolen information included patient names, addresses, birth dates, telephone numbers and Social Security numbers of people who were referred for or received services from doctors affiliated with the hospital group in the last five years, Community Health Systems said in a regulatory filing on Monday.
The company believes the attack originated from China because federal law enforcement and forensics experts with FireEye unit Mandiant had told it that "the methods and techniques" employed by the hackers were consistent with a particular group of hackers operating in China.
The company's filing said that the stolen data did not include credit card numbers, medical or clinical information.
Community Health said it has removed the malware from its systems and completed other remediation steps. It is now notifying patients and regulatory agencies as required by law.