HUNTSVILLE, Ala. (WHNT) — The personal data of thousands of patients at a local hospital could be in jeopardy. The parent company of Huntsville’s Crestwood Medical Center, Community Health Systems recently posted a notice on its website regarding a third-party security incident.

Part of a letter was sent to a News 19 viewer, alerting them that their data was exposed.

The notice explains that the third-party cybersecurity company Fortra LLC encountered a data security incident with its file transfer software called GoAnywhere.

GoAnywhere is used by hospitals that are part of the Community Health Systems network, like Crestwood Medical Center.

Community Health Services has also sent letters to people whose data has been exposed.

The letters explain that the security data incident occurred between January 28th and January 30th of 2023. Fortra then made Community Health Systems aware by February 2nd and an investigation was launched.

The notice and letter sent to affected parties state the following data may have been exposed:

  • Full name
  • Address
  • Medical billing & insurance information
  • Certain medical information such as diagnoses and medication
  • Birth date
  • Social security number

Community Health Systems tells News 19 the letters were sent to people whose information was exposed.

As a result of the exposed information, they are offering 24 months of free ID restoration and credit monitoring services to those affected.

People affected have until June 30, 2023, to sign up.

News 19 reached out to the Better Business Bureau (BBB) of North Alabama to learn what you should do if your information is exposed.

“One of the very first things you should do is contact the three credit reporting agencies to let them know that you are a victim of fraud and in particular, identity breach because of the data breach,” said President & CEO, Elizbeth Garcia.

Those three agencies are Equifax, Experian, and TransUnion.

Garcia said your personal information in the wrong hands can be dangerous. “Your life can literally be taken over,” she said.

In addition to signing up for credit monitoring services and even putting a security freeze on your accounts, Garcia recommends keeping a close eye on things.

“Put alerts on all of your credit card accounts, all of your bank accounts, so that you can know what transactions are happening on your accounts at a moment’s notice,” Garcia said.

News 19 reached out to Crestwood Medical Center for comment on the situation. Crestwood directed News 19 to Community Health Systems.

Community Health Systems sent News 19 the following statement:

“On February 13, 2023, Community Health Systems filed a Form 8-K disclosing that Community Health Systems’ data has been exposed as a result of security incident experienced by Fortra’s GoAnywhere platform, which we understand impacted other companies as well. An investigation determined our own systems and those of our affiliates were not compromised or impacted by Fortra’s security incident.

Although the incident occurred on Fortra’s systems, Community Health Systems is notifying individuals known to be affected and offering them identity restoration and credit monitoring services at no cost to them. Letters are being mailed to individuals whose personal information is known to have been compromised.  A notice also has been posted to the Community Health Systems website and our affiliates’ websites for potentially affected individuals.  

Safeguarding the privacy of the personal information our patients, employees, and communities entrust to us is a responsibility we take very seriously. We will do everything we can to support individuals affected by Fortra’s security incident.”

Community Health Systems
Community Health Systems operates six total medical centers in Alabama, including Grandview Medical Center in Birmingham and Gadsden Regional Medical Center in Gadsden.