On September 23, 2020, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced a $2.3 million settlement with Community Health Systems Professional Services Corporation (CHSPSC, LLC) over alleged violations of the Health Insurance Portability and Accountability Act (HIPAA).
On April 10, 2014, cyber-hackers used compromised administrative credentials to gain access to CHSPSC’s health information management system (HIMS) through its virtual private network (VPN), and exposed the protected health information (PHI) of over 6.1 million people.