The protected health information of patients at four Stanford hospitals was compromised because of a data breach that affected the hospital's behavioral and mental health service provider Brightline.
Patients in Stanford's group health plans, who have dependents under the age of 18, had their protected health information compromised after Brightline was affected by a security breach at cybersecurity firm Fortra.
Health plan members at Palo Alto, Calif.-based Stanford Health Care; Pleasanton, Calif.-based Stanford Health Care Tri-Valley, Palo Alto, Calif.-based Stanford Medicine Children's Health, Castro Valley, Calif.-based Stanford Medicine Partners; and Palo Alto, Calif.-based Stanford University were affected by the breach.
Stanford said most of the information compromised was "demographic in nature," and included the following: names, contact information, member IDs, dates of birth and coverage information, according to an April 7 breach notification from Stanford.
On April 7, Brightline began notifying all impacted individuals.
Stanford did not mention how many were affected.
The Forta cybersecurity incident has also impacted Franklin, Tenn.-based Community Health Systems; Birmingham, Ala.-based Grandview Medical Center; Huntsville, Ala.-based Crestwood Medical Center; Dothan, Ala.-based Flowers Hospital; Gadsden (Ala.) Regional Medical Center; Medical Center Enterprise (Ala.); and Foley, Ala.-based South Baldwin Regional Medical Center.