On July 28, 2016, Dominican Hospital, a healthcare facility under the jurisdiction of the California Office of the Attorney General, suffered a data breach involving the unauthorized transmission of a Microsoft Excel workbook via secured email. The file was sent to a local health plan but inadvertently included patient information for individuals not affiliated with the plan. The exposed data comprised sensitive details such as **names, account numbers, and medical records**, though **Social Security numbers were not compromised**. The breach raised concerns over **patient privacy violations** and **potential misuse of medical data**, which could lead to identity theft, targeted phishing, or fraudulent medical claims. While the exact number of affected individuals remains undisclosed (marked as 'UNKN'), the incident underscored vulnerabilities in **data-sharing protocols** between healthcare providers and third-party entities. The exposure of **medical information**—a highly regulated and sensitive data category—poses long-term risks, including reputational damage to the hospital and erosion of patient trust. Regulatory scrutiny under **HIPAA (Health Insurance Portability and Accountability Act)** likely followed, given the nature of the compromised data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-63491
TPRM report: https://www.rankiteo.com/company/dignity-health
{
  "id": "dig014091825",
  "linkid": "dignity-health",
  "type": "Breach",
  "date": "7/2016",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'UNKN',
                        'industry': 'Healthcare',
                        'location': 'California, USA',
                        'name': 'Dominican Hospital',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Human Error (Improper Data Transmission)',
 'data_breach': {'data_encryption': 'Yes (secured email)',
                 'data_exfiltration': 'Yes (transmitted via email)',
                 'file_types_exposed': ['Microsoft Excel workbook'],
                 'number_of_records_exposed': 'UNKN',
                 'personally_identifiable_information': ['names',
                                                         'account numbers'],
                 'sensitivity_of_data': 'Moderate (no SSNs, but medical and '
                                        'account data)',
                 'type_of_data_compromised': ['names',
                                              'account numbers',
                                              'medical information']},
 'date_detected': '2016-07-28',
 'description': 'The California Office of the Attorney General reported that '
                'Dominican Hospital experienced a data breach on July 28, '
                '2016, affecting patient information. The incident involved '
                'the transmission of a Microsoft Excel workbook via secured '
                'email to a local health plan, potentially including '
                'information for patients not associated with the health plan. '
                'The breach affected an unknown number of individuals, with '
                'the compromised data consisting of names, account numbers, '
                'and medical information, but excluded social security '
                'numbers.',
 'impact': {'data_compromised': ['names',
                                 'account numbers',
                                 'medical information'],
            'identity_theft_risk': 'Low (no SSNs compromised)'},
 'post_incident_analysis': {'root_causes': ['Human error in data transmission '
                                            '(emailing Excel workbook to '
                                            'unauthorized recipient)']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
                                                    '(unauthorized disclosure '
                                                    'of PHI)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Dominican Hospital Data Breach (2016)',
 'type': 'Data Breach'}