Community Health Systems said in the regulatory filing investigators have told it that the Chinese group believed to be behind the attack typically seeks valuable intellectual property, such as medical device and equipment development data, rather than the personal information stolen from the hospital group.
Galin told Reuters that the suspects had not stolen that type of information.
Officials with Mandiant could not immediately be reached for comment. FBI spokesman Joshua Campbell confirmed that the agency was investigating the case, but declined to elaborate.
The company's filing said that the stolen data did not include credit card numbers, medical or clinical information, though the types of personal information stolen were still covered by the U.S. government's Health Insurance Portability and Accountability Act, or HIPAA.
The FBI had warned healthcare providers in April that their cybersecurity systems were lax compared with other sectors, making them vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions. [ID:nL6N0NF4VL]
Community Health, which has 206 hospitals in 29 states, said it has removed the malware from its systems and completed other remediation steps. It is now notifying patients and regulatory agencies as required by law.
It also said it is insured against such losses and does not at this time expect a material adverse effect on financial results.
Community Health's stock was up 48 cents at $51.48 in late-morning trading on the New York Stock Exchange.