By Attorney General Communications
Attorney General Lynn Fitch, along with the Attorneys General of 27 other states, has obtained a judgment against Tennessee-based Community Health Systems, Inc., and its subsidiary, CHSPSC LLC. This resolves an investigation of a data breach which impacted approximately 6.1 million patients, including 210,682 Mississippians. Mississippi will receive $141,333.90 as a result of the ruling.
“As cybersecurity threats persist, we must be constantly vigilant to keep personal information secure,” said Attorney General Lynn Fitch. “I will continue to work with local, state, and federal partners to enforce laws that protect Mississippi consumers and stop bad actors who seek to compromise the integrity, security, and confidentiality of personal and private information.”
At the time of the data breach, CHS owned, leased, or operated 206 affiliated hospitals including several hospitals located in Mississippi. Exposed in the breach were the names, birthdates, Social Security numbers, phone numbers, and addresses of patients. The judgment, agreed to by CHS, requires a $5-million payment to the states and provides that CHS agree to implement and maintain a comprehensive information security program reasonably designed to safeguard Personal Information (PI) and Protected Health Information (PHI).
Specific information security measures contained in the agreed judgment include requirements to:
In addition to Mississippi, this settlement includes Alaska, Arkansas, Connecticut, Florida, Illinois, Indiana, Iowa, Kentucky, Louisiana, Massachusetts, Michigan, Missouri, Nebraska, Nevada, New Jersey, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Washington, and West Virginia.
If you are a member of the media and have an inquiry, please contact Colby Jordan here.