HUNTSVILLE, Ala. (WHNT) - Community Health Systems, which operates 206 hospitals across the United States, announced on Monday that hackers recently broke into its computers and stole data on 4.5 million patients.
Hackers have gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers.
Anyone who received treatment from a network-owned hospital in the last five years — or was merely referred there by an outside doctor — is affected.
Crestwood Medical Center tells WHNT News 19 Tuesday that patients whose information was compromised will receive notification letters from the hospital in the next few days -- no later than August 30.
Community Health Systems operates 11 hospitals in Alabama:
-Crestwood Medical Center in Huntsville — Read Crestwood’s statement
-DeKalb Regional Medical Center in Fort Payne
-Cherokee Medical Center in Centre
-Gadsden Regional Medical Center in Gadsden
-Riverview Regional Medical Center in Gadsden
-Stringfellow Memorial Hospital in Anniston
-Trinity Medical Center of Birmingham
-L.V. Stabler Memorial Hospital in Greenville
-Medical Center Enterprise in Enterprise
-Flowers Hospital in Dothan
-South Baldwin Regional Medical Center in Foley
Initial information suggested those affected immediately put a credit freeze on their accounts. But the latest opinions we gathered from financial and consumer experts suggest otherwise.
Here's some clarification.
Since CHS claims no billing information was compromised, a credit freeze is not the avenue consumers should take. We learned the process of a credit freeze would involve drafting letters that require a notary stamp to be sent to all three credit reporting agencies.
Instead, North Alabama Better Business Bureau President Michelle Mason recommends you initiate a fraud alert.
If the stolen information includes your Social Security number, call the toll-free fraud number of any one of the three nationwide consumer reporting companies and place an initial fraud alert on your credit reports.
"Our understanding is that if you just alert one of the credit reporting agencies they will place that fraud alert and notify the other two agencies that they need to do the same for you," explains Mason. "And this helps you so that if someone else tries to open an account in your name they are going to contact you or they're going to ask many questions to make sure that's really you doing it and not and so not someone else. So you may have to go through a few extra hoops but it's a great thing for you to have to do to make sure someone doesn't take over you identity."
The BBB president also says tax fraud is the fasted growing form of identity theft -- accounting for almost half of cases last year.
"Someone could use your Social Security number to file a return immediately after tax season opens and get a refund with your name and social security number -- and the only way you're going to find out is when you go to file your return and find out form the IRS that there's been two under the same Social Security number," Mason warns.
We also asked if recently deceased hospital patients' information could cause liability for estate executors and heirs.
WHNT News 19 spoke to several elder law attorneys in the Huntsville area to ask if heirs should be taking the same safety protocols as living patients whose information was stolen. They all told us this was not a huge concern because the Social Security Administration is promptly notified to terminate a Social Security number following a death.
But Michelle Mason says you still need to remain proactive in taking steps to avoid compromised accounts and credit information.
"This is probably a good time to make sure credit bureaus are accurately reflecting that a family is deceased so that someone couldn't take on their identity and use that to make purchases or establish credit before someone uncovers the fact that the person is deceased."
Another way the stolen information could potentially affect the elderly is the act of identity thieves moving Social Security checks to a new bank account.
"Taking over your identity and pretending to be you and declaring that there's been a new address or a new bank account. So you really have to be careful because this could be someone's income or earnings that they're relying on that could disappear and you won't know it until that check doesn't show up," says Mason.
When you place this alert on your credit report with one nationwide consumer reporting company, you’ll get information about ordering one free credit report from each of the companies. It’s prudent to wait about a month after your information was stolen before you order your report. That’s because suspicious activity may not show up right away. Once you get your reports, review them for suspicious activity, like inquiries from companies you didn’t contact, accounts you didn’t open, and debts on your accounts that you can’t explain. Check that information – like your SSN, address(es), name or initials, and employers – is correct.
Continue to read your financial account statements promptly and carefully, and to monitor your credit reports every few months in the first year of the theft, and once a year thereafter.You are eligible for a free copy of your credit report from each of the 3 major credit reporting agencies each year by visitinghttp://www.annualcreditreport.com or by calling 877-322-8228.
If your information has been misused, file a report about your identity theft with the police, and file a complaint with the Federal Trade Commission atwww.consumer.gov/idtheft.