The records of an estimated 4.5 million patients of Community Health Systems (CHS) potentially have been compromised by computer hackers. Community Health Systems, which operates 206 hospitals across the U.S. announced earlier this week that its data security was compromised when hackers broke in and stole patient data.

This incident is the second largest HIPAA breach ever reported and the largest hacking-related HIPAA data breach ever reported, according to data from the Office for Civil Rights. Hackers gained access to patients’ names, Social Security numbers, physical addresses, birthdays and telephone numbers.

Anyone who received treatment from a physician's office tied to a network-owned hospital in the last five years—or was merely referred there by an outside doctor—is affected, according to an article in CNNMoney. All of those affected are potentially at risk for identity fraud. The FBI is working closely with the hospital, which also has hired cybersecurity experts to consult on the data breach. They have determined the hackers were in China and used high-end, sophisticated malware to launch the attacks sometime in April and June this year. Community Health Systems is the largest hospital company in the U.S. with hospitals in 28 states, but a significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas.