St. Cloud medical patients' information among millions stolen in cyber attack

St. Cloud Regional Medical Center is among the hospitals owned by a company whose computer systems were breached this year, resulting in the theft of the personal information of about 4.5 million people, authorities said.

Chinese hackers stole the information from Community Health Systems of Tennessee computers, including names, addresses, birth dates, telephone numbers and Social Security numbers, according to a U.S. Securities and Exchange Commission filing published Monday.

The hackers broke through the company's security systems in April and June using "highly sophisticated malware and technology," the SEC filing states. Hundreds of medical-record security breaches are reported to federal authorities every year.

The information of patients who in the past five years were referred to or received treatment from doctors affiliated with Community Health Systems was compromised, the filing states. The hackers did not take medical, credit card or billing information, the company said.

St. Cloud Regional Medical Center said information from St. Cloud Surgical Associates, St. Cloud Medical Group and Urology Associates of St. Cloud was among the stolen data. Patients will receive letters about the breach that offer identity-theft services, according to a statement from the hospital.

Community Health Systems owns 80 percent of St. Cloud Regional Medical Center. Orlando Health owns the other 20 percent, but it is not involved in running the hospital, an Orlando Health spokeswoman said.

The for-profit Community Health Systems, whose stock is publicly traded, said it has cyber-privacy liability insurance and did not anticipate that that the breach would hurt its bottom line.

Community Health Systems also owns Heart of Florida Regional Medical Center in Davenport and Wuesthoff Health Systems in Melbourne and Rockledge.

sjacobson@tribune.com or 407-540-5981