Verity Health is notifying more than 10,000 patients that their personal information may have been accessed during a hack of a website operated by the system's physicians group.
The breach, described in a news release as “an unauthorized third-party” access, occurred between October 2015 and January 2017 and affected a website for the Verity Medical Foundation-San Jose Medical Group.
Personally identifiable information was dated from between 2010 and 2014. It included patients' names, birth dates, street and email addresses, phone numbers and the last four digits of credit card numbers.
The Verity breach was about four times larger than the median data release of 2,300 patient records of the more than 1,300 incidents publicly reported to the federal government. Verity reported that the breach involved 10,164 individuals' records.
“We took immediate steps to investigate this incident, notify the affected individuals and appropriate authorities, and ensure enhanced protection of our information systems going forward,” said CEO Andrei Soran in the news release. “We are working with a leading cybersecurity firm to further evaluate the integrity of our information systems.”
Redwood, Calif.-based Verity Health includes six California hospitals, the Medical Foundation and Verity Physician Network.
Verity was created in late 2015 with the takeover of the Daughters of Charity Health System by BlueMountain Capital Management, a private investment firm.