The San Francisco Department of Public Health notified 895 patients who were seen at Zuckerberg San Francisco General Hospital or Laguna Honda Hospital — both of which are part of the San Francisco Health Network — that their information may have been accessed by a former employee of a hospital vendor.
A former employee of Nuance Communications, a medical transcription service that contracts with the San Francisco Department of Public Health, breached the company's servers and accessed thousands of individuals' information from several contracted clients between Nov. 20, 2017 and Dec. 9, 2017.
Although SFDPH confirmed the data had not been misused, potentially compromised information includes patients' names, dates of birth, medical record numbers, patient numbers and information dictated by the provider such as patient conditions, assessments, diagnoses, treatment, care plans and dates of service. Social Security numbers, driver's license numbers or financial account numbers were not jeopardized.
"The most important thing for our patients to know is that all the data has been recovered and none of it was used or sold for any purpose," an SFDPH spokesperson told Becker's Hospital Review.
Director of the San Francisco Health Network Roland Pickens apologized for the incident and noted all of its "vendors are required to attest to the protection of patient privacy, as part of their contract, and we continue to audit and improve upon that process," he said in the notice.
More articles on cybersecurity:
DHS issues cybersecurity warning on Philips' CT scanners: 5 things to know
Louisiana eye surgery center notifies patients after laptop containing PHI is stolen
7k patients file HIPAA violations in the past 5 years: 5 things to know