Verity Health System, a six-hospital system in Redwood City, Calif., is notifying an undisclosed number of individuals to a potential exposure of their protected health information stemming from three incidents.
Four things to know:
1. Verity officials discovered an unauthorized third party had gained access to three employees' email accounts in two instances in November and one in mid-January.
2. The health system's IT team was able to terminate the unauthorized access within hours of each incident, and it has no evidence that the emails or the attachments they contained were accessed or misused.
3. Potentially compromised information included: names, treatment information, medical condition, billing codes, health insurance policy numbers, subscriber numbers, dates of birth, patient identification numbers, phone numbers and addresses. For a limited number of individuals, Social Security numbers and driver's license numbers may have been compromised.
4. "Verity regrets any concern these events may cause and is providing credit-monitoring services for one year free of charge to any individual whose Social Security number or driver’s license number was contained in the impacted web email accounts. Verity is also reporting these incidents to all appropriate regulatory bodies," the health system's notice states.