One of the US’s leading hospital care operators, Community Health Systems (CHS), may have lost personal data for over 4.5 million patients to Chinese hackers. The organization operates 206 hospitals in 29 states.

CHS said that the company had “eradicated” the malware from its computer systems, as well as having implemented other protection measures.

Authorities do not understand the purpose of this hack, mainly because the information stolen did not include credit card or medical history information. What was taken was “non-medical patient identification data related to the Company’s physician practice operations” from the last five years, according to CHS’s Securities and Exchange Commission (SEC) filing–more specifically, “names, addresses, birth dates, telephone numbers, and Social Security Numbers.”

“The attack is a departure from many recent breaches in which hackers, many of whom reside in Eastern Europe, snag personal information and sell it on the cyber black market,” according to Fox Business.

But authorities are not without suspicions. The Director of Security Research at leading global cybersecurity firm Tripwire spoke about the breach and said, “This is the information needed for identity theft to allow criminals to open accounts in the names of the 4.5 million victims.”

A top suspect for the hack is “Unit 61398,” reportedly–a group identified in hacking US Companies last year. The US Department of Justice indicted five Unit 61398 members for stealing trade secrets.

Health records are files highly vulnerable to attacks, according to Kevin Mandia, who founded American cybersecurity firm Mandiant and is now COO at FireEye. This is because there is a demand for health records to be accessible quickly, so security barriers are low.

The attack possibly occurred in April and June, according to CHS. CHS is currently contacting affected hospital patients and is offering identity theft protection free.

“Anybody who’s affected, no matter what the scope, we’ll help them get all those things resolved,” said Rachel Neighbors, marketing director at one of the affected hospitals, North Okaloosa Physician Group and Gateway Medical Clinic.

By James Haleavy