Verity Health is notifying more than 10,000 patients that their personal information may have been accessed during a hack of a website operated by the system's physicians group.
The breach, described in a news release as “an unauthorized third-party” access, occurred between October 2015 and January 2017 and affected a website for the Verity Medical Foundation-San Jose Medical Group.
Personally identifiable information was dated from between 2010 and 2014. It included patients' names, birth dates, street and email addresses, phone numbers and the last four digits of credit card numbers.
The Verity breach was about four times larger than the median data release of 2,300 patient records of the more than 1,300 incidents publicly reported to the federal government. Verity reported that the breach involved 10,164 individuals' records.
Redwood, Calif.-based Verity Health was created in late 2015 through the takeover of the Daughters of Charity Health System by BlueMountain Capital Management, a private investment firm.