REDWOOD CITY, Calif.--(BUSINESS WIRE)--Although there is no evidence that patient information was used in an unauthorized fashion, Verity Health System is notifying more than 9,000 individuals that their personal information may have been accessed by an unauthorized third party.
The information, dated between 2010 and 2014, includes patient names, dates of birth, medical record numbers, addresses, email addresses, phone numbers and the last four digits of credit card numbers. The information does not include social security numbers or full credit card information
On Jan. 6, Verity Health officials detected that an unauthorized third party accessed the Verity Medical Foundation-San Jose Medical Group website, which is no longer in use. The health system promptly initiated an internal investigation and determined that the access occurred between October 2015 and January 2017. Verity took immediate steps to secure the website, stop any further unauthorized activity and prevent similar incidents from happening in the future.
“Verity Health System takes the security of our patients’ information seriously, and we regret that this incident occurred,” said Andrei Soran, chief executive officer of the one-year-old health system. Verity Health includes six California hospitals, the Verity Medical Foundation and Verity Physician Network.
“We took immediate steps to investigate this incident, notify the affected individuals and appropriate authorities, and ensure enhanced protection of our information systems going forward,” Soran added. “We are working with a leading cyber-security firm to further evaluate the integrity of our information systems.”
As required by law, Verity is notifying the affected individuals by letter. In addition, Verity is offering a call center to answer questions, as well as credit monitoring services – free of charge – for a period of one year.