Breach at Verity Health System exposes data of more than 10,000 patients

A website no longer in use by the California provider was left unsecured from October 2015 until January 6, 2017, when it was discovered.
By Jessica Davis
11:07 AM

Verity Medical Foundation-San Jose Medical Group website, part of the Verity Health System in Redwood City, California, was hacked, exposing the data of 10,164 patients. Verity includes six California hospitals, the Verity Medical Foundation and Verity Physician Network.

An unauthorized user hacked into the website from October 2015 until it was discovered by Verity Health on January 6. The website was no longer in use.

The breached patient data included names, dates of birth, medical record numbers, addresses, emails, phone numbers and the last four digits of credit card numbers, dated between 2010 and 2014. Officials said Social Security numbers or full credit card numbers weren't included.

Once the breach was discovered, Verity took steps to secure the site to stop further unauthorized activity and prevent future incidents. The health system notified HHS of the breach on Jan. 11.

Affected patients are being notified via mail and Verity set up a call center to answer questions. All affected patients will receive free credit monitoring services for one year.

"Verity Health System takes the security of our patients' information seriously, and we regret that this incident occurred," Verity Health CEO Andrei Soran, said in a statement.

"We took immediate steps to investigate this incident, notify the affected individuals and appropriate authorities and ensure enhanced protection of our information systems going forward," he added. "We're working with a leading cyber-security firm to further evaluate the integrity of our information systems."

Twitter: @JessieFDavis
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.