It's not clear what the purpose of this attack may have been, though Community Health says the only thing it knows was stolen was "…non-medical patient identification data related to the company's physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the company."
The phrase "advanced persistent threat" is noteworthy because it was first used last year by the security firm Mandiant to describe a unit of the Chinese Army that has been accused of attacking the networks of scores of American, Canadian and British companies, dating as far back as 2006. The group's operations were documented in excruciating detail in a landmark report.
Once it detected the attack, Community Health said it hired Mandiant, a unit of the security company FireEye, to investigate the incident. It's unclear if Mandiant thinks this incident is the work of the same Chinese Army group that carried out the attack, or if it's another group in China using similar tactics. The firm did not return calls seeking comment.
More from Re/code:
Can smartphones break out of their rut?
A Snapchat explainer for non-millennials
PowerToFly aims to find women techies jobs wherever they are
Mandiant's report last year documented the operations of Unit 61398, a military cyberwar unit that stands accused of attacking the networks of at least 141 companies or organizations. On average, the hackers would spend nearly a year perusing a targeted company's systems looking for sensitive information to steal: product development plans, manufacturing techniques, business plans and the email messages of senior executives. The point is to help Chinese companies be more competitive.
China has officially denied the accusations, but the report was so detailed that the U.S. Department of Justice secured criminal indictments of five members of Unit 61398, and that in turn poured new fuel on a diplomatic fire burning between the U.S. and China over the issue of cyber warfare.
Read MoreTwo major grocery chains in potential data breaches
For reference, here's a map showing the location of Community Health's hospitals around the U.S., which you can drill down on here. If you've been a patient at any of its hospitals in the last five years, you may be hearing from the company in the coming days.