Data breach affects nearly 900 patients from San Francisco hospital.
The personal information of nearly 900 patients of San Francisco General Honda hospitals was breached.
It happened after a former employee of one of the hospitals’ vendors got unauthorized access to the data.
The data included patients’ names, dates of birth, medical record numbers, and details of their medical conditions, diagnoses, treatment, and care plans.
It did not include Social Security numbers, driver’s license numbers, or financial account numbers.
Read more in SF Chronicle. This was an insider-wrongdoing breach where an employee of their transcription service provider, Nuance Communications in Massachusetts, reportedly also accessed patient information from other clients as well. If the name “Nuance” sounds familiar, it may be because they lost almost $100 million in a NotPetya attack last year.
The following notice was posted on the San Francisco Public Health Department home page yesterday:
Vendor security incident: unauthorized access of medical record information
No evidence that personal information has been used for any purpose
SAN FRANCISCO (May 11, 2018) — The San Francisco Department of Public Health today informed 895 patients of a security incident involving personal information handled by a third-party medical transcription service. The transcriptions covered visits to the San Francisco Health Network, the Health Department’s system of hospitals and clinics.
The incident happened at Nuance Communications, a Massachusetts-based company contracted to provide medical transcription services. The information was accessed last year from November 20 to December 9. Notification to patients was delayed at the request of the FBI and the U.S. Department of Justice, pending their criminal investigation into the incident. The investigation determined that a former Nuance employee breached Nuance’s servers and accessed the personal information of thousands of individuals from several contracted clients, including the San Francisco Department of Public Health. The Justice Department has informed Nuance that it does not appear that any of the information taken was used or sold for any purpose and that all of the data have been recovered from the former employee.
The information accessed included personal data such as name, date of birth, medical record number, patient number, and information dictated by the provider such as patient condition, assessment, diagnosis, treatment, care plan, and date of service.
The incident did not include information such as Social Security number, Driver’s License number, or financial account numbers.
</p><p>Source: <a href="https://www.databreaches.net/data-breach-affects-nearly-900-patients-from-two-san-francisco-hospitals/">https://www.databreaches.net/data-breach-affects-nearly-900-patients-from-two-san-francisco-hospitals/</a></p><figure class="kg-card kg-image-card"><img src="https://blog.rankiteo.com/content/images/2022/07/aver_SAN11624722.png" class="kg-image" alt loading="lazy" width="1438" height="736" srcset="https://blog.rankiteo.com/content/images/2022/07/aver_SAN11624722.png 600w, https://blog.rankiteo.com/content/images/2022/07/aver_SAN11624722.png 1000w, https://blog.rankiteo.com/content/images/2022/07/aver_SAN11624722.png" sizes="(min-width: 720px) 720px"></figure>
"id": "SAN11624722",
"linkid": "san-francisco-general-hospital",
"type": "Breach",
"date": "05/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"