To register for MyChart, our patient communication and information system, please choose from the following options:
If you have an activation code from your enrollment letter/provider:
Don't have a code?
How-to guides and tips for MyChart Users
Get an immediate, self-serve price estimate through MyChart - no account or login required!
Community Health Network has created this FAQ page in order to ensure that details related to this incident and responses to the most common questions we receive are readily accessible to all individuals seeking more information. We remain committed to providing useful information about this third-party tracking technology data breach and we will continue to update this page as more frequently asked questions arise.
1. What happened?
Community uses third-party vendors, such as Facebook and Google, to measure and evaluate information on the trends and preferences of people who use our websites. To do that, we included third-party tracking technologies sometimes called “cookies” and “pixels” on some of our websites or applications. This is a common practice for many companies, including health care organizations.
Community recently learned that, in certain circumstances, some of the third-party tracking technologies installed on our website, including the MyChart patient portal and some of our appointment scheduling pages, transmitted certain patient information to the tracking technology vendors.
Community has disabled and/or removed the problematic technologies from our platforms and began an investigation to better understand the nature and extent of patient information that was transmitted.
2. What are “cookies” or “pixels” and why would Community use them?
Cookies and pixels are pieces of computer code that organizations commonly use to measure activity and experiences on their websites. Community used cookies and pixels to measure and evaluate information concerning the trends and preferences of people who use our websites to ensure that our websites are providing valuable information and enhancing the patient care experience.
3. Who was affected by this incident?
Any individual who visited the Community MyChart patient portal or scheduled an appointment on the eCommunity.com website since the date we began using these third-party tracking technologies (April 6, 2017), may have been involved. However, because the type of information transmitted through the tracking technologies varied depending on the configurations on the user’s device and the user’s activity on the Community website and MyChart patient portal, Community cannot determine with certainty whose information was transmitted. For example, if an individual adjusted the settings on their device to block or delete cookies, or if they use only browsers that support privacy-protecting operations, their information likely was not involved, even if they accessed MyChart or the eCommunity.com website during the time in question.
If you received a letter, this does not mean that we know for certain that your information was involved, but simply means that our records indicated that you have engaged with a Community provider or affiliated entity on or after April 6, 2017, which is the date we began implementing these third-party tracking technologies.
4. When did this happen?
Community used the applicable third-party tracking technologies from April 6, 2017 until most of them were disabled and/or removed from August to November 2022 as our investigation progressed.
5. What personal information may have been shared?
Based on our investigation, the type of patient information transmitted to certain data analytics vendors through the use of these technologies varied depending on the technical configuration of each user’s device, as well as the user’s activity within the Community website and MyChart patient portal. Only certain data fields on the website and patient portal transmitted information through the tracking technologies due to how they were configured. Our investigation was not able to determine whether and to what extent each user interacted with these data fields, so we cannot say with certainty what information was involved.
However, the types of information that could have been transmitted through the third-party tracking technologies, if a user interacted with each applicable data field, include:
6. Was financial information involved?
No. The information potentially transmitted to the third-party tracking technology vendors did not include Social Security number, debit card information, credit card information, or other financial account information.
7. Do Facebook and/or Google have access to MyChart usernames and passwords?
No. Information such as username and password was not transmitted to the third-party tracking technology vendors.
8. Should patients be concerned about the security of their electronic health record?
No. This incident did not involve access to any patient’s electronic health record. Rather, it involved the collection and transmission of information from the Community website and the MyChart application, including the patient portal. Community Health Network is unaware of any improper use or attempted use of any patient information by a third-party tracking technology vendor.
9. Why didn’t you have more protections in place to protect this sensitive information?
Information security is one of Community’s highest priorities and we have protections in place to safeguard sensitive information. However, the information we believed these third-party tracking technologies were collecting was extremely limited and, to our knowledge, unable to be used to identify the individual user in any way. Unfortunately, the way certain of these third-party tracking technologies were configured and implemented on our websites and applications led to the collection and transmission of a broader scope of information.
10. What have you done to keep something like this from happening again?
Community is taking this situation seriously and has taken steps to prevent this from happening again. We have disabled and/or removed all third-party tracking technologies on patient-facing websites and applications. We also have designed new internal processes to evaluate and manage website technologies going forward.
11. Why didn’t I receive a letter?
You may not have received a letter because our records indicate that you have not engaged with a Community provider or affiliated entity since April 6, 2017. If you did engage with a Community provider or affiliated entity during that time, our contact information for you may not be current. In situations where our contact information for an individual is missing or out-of-date, we provide notification by posting notice on our website and submitting notice to media outlets. This helps to ensure that we inform as many current and former Community patients of the incident as possible.
12. Why is my letter addressed to “Baby Boy” or “Baby Girl”?
If you have received a parent or guardian notification for an impacted minor that does not include the minor’s legal first name, this could be for any of several reasons. For example, if a baby is born at a Community facility and leaves the facility prior to adding a legal first name to the birth certificate, this generic first name would be added to our system until it is revised upon the child’s next encounter with Community. Community is happy to update its records if you provide that information.
13. What should potentially impacted individuals do now?
Based on our investigation, we do not have any evidence that the information transmitted through the use of third-party tracking technologies was acted on or misused by the tracking technology vendor. However, individuals still can play a vital role in protecting their information online.
One step individuals can take to protect themselves from website tracking on any website they may visit is to review their device settings to ensure that cookies are blocked or deleted, or use only browsers that support privacy-protecting operations. Individuals may also want to adjust their privacy settings in Facebook and Google if they have accounts with them.
If individuals are unfamiliar with revising their device settings or blocking cookies, we recommend that they visit consumer.ftc.gov/online-security to learn how to perform these actions as well as more about best practices to protect their information online.
