Community Health Systems Data Breach Settlement Agreed

by | Feb 7, 2019

Patients of Community Health Systems’ (CHS), who had their protected health information (PHI) illegally obtains in a  hacking attack in 2014 have been offered compensation in relation to the violation of their private Private Health Information (PHI).

Tennessee-based Community Health Systems manages more than 200 hospitals, meaning it is one of the biggest healthcare systems in the United States.

In 2014, CHS noticed that malware had been downloaded to its network. The malware permitted unauthorized actors to obtain access to patient information between April and June 2014. The cyberattack is thought to have been carried out by hackers located in China.

An advanced malware variant was wielded in the attack, which had the sole aim of obtaining sensitive information. An investigation into the breach revealed that that patient data including names, addresses, phone numbers, dates of birth, and Social Security numbers had been obtained. The PHI of 4.5 million patients was stolen by the hackers.

When it occurred it was the largest healthcare data breach to be submitted to the Department of Health and Human Services’ Office for Civil Rights and still ranks as one of the top six healthcare data breaches ever.

In the aftermath of the the breach, many legal actions were filed by patients seeking compensation for the theft of their personal information. The lawsuits were joined together into a single lawsuit, which survived attempts by CHS to have the case struck out. A settlement has now been reached to resolve the legal action.

The settlement states that two different payments for breach victims will be paid out. Those who can prove they have incurred out-of-pocket expenses due to the breach and/or can show evidence of time lost securing their accounts, can claim up to $250 in compensation. Individuals who have been impacted by identity theft or fraud as a result of the breach can recover up to $5,000 in losses.

Legal fees adding up to $900,000 have also been incorporated in the settlement agreement along with a payment of $3,500 for each representative class member.

To qualify for payment, a compensation claim must be filed by August 1, 2019. Individuals who do not wish to be included in the settlement and those who would like to submit an objection, have until May 18 to get in touch with CHS.

The settlement must still be reviewed for fairness and approved by a judge. A hearing has been scheduled to take place on August 13, 2019.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy