CHS data breach affects 4.5M patients

Criminal data transfer occurred earlier this year

Community Health Systems was hacked earlier this year by a Chinese group, breaching identification data of 4.5 million individuals associated with the company's physician practices.

According to a federal filing with the Securities and Exchange Commission, CHS believes the attack took place in April and June. Using malware to attack the company's system, the criminal group transferred certain identification data — including names, addresses, birth dates and social security numbers — of individuals who were referred for or received services from CHS's physician practices.

The Franklin-based company reports it has now eradicated the malware from its systems. According to the company's forensic expert Mandiant, affected data is non-medical but is still protected under the Health Information Portability and Accountability Act, or HIPAA. CHS is notifying affected patients and will be offering identity theft protection services.

Shares of CHS (Ticker: CYH) are up slightly Monday mid-morning to $51.39. Year to date, they've risen 30 percent.