What to do when hacked
These tips are among those offered on the Federal Trade Commission's "Identity Theft" web page at www.consumer.ftc.gov/features/feature-0014-identity-theft:
•Contact one of the three credit reporting companies nationally and place a fraud alert on your credit report. That company must notify the two other companies to do the same. The companies are Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289).
•Order your credit report from the company to see if there are any unauthorized transactions or accounts.
•Submit a report on the ID theft to the Federal Trade Commission. Print out a copy to use as an Identity Theft Affidavit and then file a report with your local police department.
•Consider whether to extend fraud alerts on your accounts or to place credit freezes on accounts.
Letters are being sent to Lutheran Health Network patients whose personal information was included in data stolen during a cyber attack on the hospital group's parent company, Community Health Systems of Franklin, Tenn.
The attack affected data of "some" patients seen at Lutheran Health clinics and physician practices during the past five years, the area health provider said in statement emailed Monday afternoon by Alice Robinson, network vice president for planning and marketing. The statement didn't specify how many patients are involved, and Robinson said that was all of the information available yesterday afternoon.
"The transferred information did not include any medical information or credit card information, but it did include names, addresses, birth dates, telephone numbers and Social Security numbers," the statement said.
"We take very seriously the security and confidentiality of private patient information, and we sincerely regret any concern or inconvenience to patients," the statement said. "Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."
The identity theft protection will be provided for one year, Robinson said. The letters sent to patients also will include tips on how they can protect their identity.
Community Health Systems reported Monday the attack may have happened in April and June, and it included the theft of information on more than 4 million patients nationwide, The Associated Press said. The company owns, leases or operates 206 hospitals in 29 states.
The Lutheran Health statement said Community Health Systems believes the attack came from a group in China possibly looking to steal "intellectual property" — information about new ideas, inventions or processes. The hackers used sophisticated malware and technology to penetrate Community Health's security system.
Community Health since has removed the malware and taken steps to prevent future attacks, the statement said.
"We are working with federal law enforcement authorities in their investigation and will support prosecution of those responsible for this attack," Lutheran Health's statement said.