For Immediate Release:
Thursday, October 8, 2020
Laura Brewer (919) 716-6484
(RALEIGH) Attorney General Josh Stein today won a $5 million judgment against Tennessee-based CHS/Community Health Systems Inc. and its subsidiary, CHSPSC LLC, over a data breach that affected approximately 6.1 million patients, including 59,527 North Carolinians. North Carolina will receive $200,373.17 of the settlement.
“When health care companies that have access to patients’ private and sensitive data don’t do enough to protect that data, they put patients at risk,” said Attorney General Josh Stein. “I’m pleased that as a result of today’s judgment, CHS will do more to keep patients’ information secure.”
At the time of the data breach, CHS owned, leased, or operated 206 affiliated hospitals, including six hospitals in North Carolina. The breach exposed patients’ names, birthdates, social security numbers, phone numbers, and addresses.
As a result of today’s judgment, CHS also agrees to:
- Implement and maintain a comprehensive information security program to safeguard personal information and protected health information (PHI).
- Develop a written incident response plan.
- Incorporate security awareness and privacy training for all personnel who have access to PHI.
- Limit unnecessary or inappropriate access to PHI.
- Implement specific policies and procedures regarding business associates.
Attorney General Stein is joined in today’s settlement by the Attorneys General of Alaska, Arkansas, Connecticut, Florida, Illinois, Indiana, Iowa, Kentucky, Louisiana, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New Jersey, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Washington, and West Virginia.
A copy of the complaint is available here.