Community Health Systems Inc., a Franklin, Tenn.-based for-profit hospital operator, faces a lawsuit as a result of a large data theft that left patient information of an estimated 4.5 million people at risk.

The suit alleges that Briana Brito, who was a patient at Las Vegas, N.M.-based Alta Vista Regional Hospital, was among those whose personal data was stolen. Brito wants class-action status for the suit, which alleges CHS failed to properly protect and encrypt patient data and possibly credit card numbers. CHS has said the hackers did not access patient credit card information.

CHS reported in August to the Securities and Exchange Commission that computer hackers in China skirted the company's security systems and stole the data. The theft included patient names, addresses, birth dates, telephone numbers and Social Security numbers and is believed to have occurred in April and June.  

CHS is one of the nation’s largest publicly traded hospital companies - with 207 hospitals in 29 states, according to the company’s website. The company does not comment on pending litigation.

In New Mexico, where the suit was filed, CHS owns Alta Vista; Carlsbad Medical Center in Carlsbad, N.M.; Eastern New Mexico Medical Center in Roswell, N.M.; Mimbres Memorial Hospital in Deming, N.M.; Mountain View Regional Medical Center in Las Cruces, N.M.; and Lea Regional Medical Center in Hobbs, N.M.

The lawsuit asks a judge to require CHS to provide Brito with consumer credit protection and insurance, and to pay restitution for any losses from identity theft. It also asks for unspecified damages.

Branch Law Firm, with offices in Albuquerque, Houston and Washington, D.C., joined Slack & Davis, a Texas-based law firm, to file the court action seeking class-action status.

CHS previously was in the news in August when it announced it agreed to pay nearly $98 million to the federal government to settle allegations that it submitted false claims for short-stay admissions that should have been billed as outpatient charges. The Justice Department alleged that CHS admitted patients when it wasn’t medically necessary and then billed Medicare, Medicaid and the military’s Tricare program for those inpatient services.  

The settlement included "no finding of improper conduct by CHS or its affiliated hospitals, and the company denied any wrongdoing," according to hospital officials.

Several whistleblowers - including Emergency Department physicians and case managers - had alleged CHS admitted patients through its emergency departments and then billed for medically unnecessary procedures when patients should have been treated as outpatients or placed on observation. The whistleblowers argued CHS established certain admissions benchmarks to improve profitability, since inpatient stays pay more than outpatient care.

The government had said that from 2005 through 2010, CHS "engaged in a deliberate corporate-driven scheme" to boost hospital admissions of patients older than 65 covered by Medicare, Medicaid and Tricare who came into emergency rooms at some 119 CHS hospitals.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.