DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

St. Joseph Health notifies patients of HIPAA breach due to failure to redact patient names from file sent to investment firm

Posted on March 3, 2014 by Dissent

St. Joseph Health reports that it experienced a privacy breach on February 18 when an employee neglected to delete a tab in an Excel spread sheet that contained patients’ names before sending the data to an investment firm preparing a proposal for St. Joseph Health.  SJH’s letter to those affected explains:

St. Joseph Health provides central support services to its members including St. Joseph Home Care Network. On the evening of February 18, 2014 at 7:47 PM, we discovered that at 5:04 PM on that same day one of our employees inadvertently sent a Microsoft Excel file containing patient information to an employee at Cain Brothers, an investment firm that had requested certain de-identified information to complete a business proposal for us. By accident, our employee did not delete the file tab that included identifiable patient information. This file was not secured by technology, like encryption, that would have rendered the file unusable or unreadable by the recipient.

We discovered the issue on the same evening the email was sent and immediately contacted the recipient of the file requesting that it be deleted and not used or disclosed. The next day, we received verbal and electronic confirmation from the recipient that the file was deleted and information was neither used nor disclosed.

Although we know your information was involved in this inadvertent disclosure, we can assure you that no social security numbers, financial information (such as account or insurance numbers), or contact information were included. Rather, the following was disclosed as it may relate to services that you’ve received from St. Joseph Home Care Network between the dates of July 1, 2012 and June 30, 2013: your name, patient code (which is not your social security number or account number), referral source, referral type, admit date, termination date, admission status description, admission disposition description, and treating business unit.

The following files were submitted to California Attorney General’s breach site; they differ only in the name of the provider: St. Joseph Home Care Network,  St Joseph Health System Home Care Services, and St Joseph Health System Home Health Agency:
  • Main Patient Letter Cain Brothers Home Care Network r2prf.pdf
  • Main Patient Letter Cain Brothers St Joseph Health System Home Care Services r2prf.pdf
  • Main Patient Letter Cain Brothers St Joseph Health System Home Health Agency r2prf.pdf

No related posts.

Category: Health Data

Post navigation

← London firm at centre of hack redirecting 300,000 routers
AppleCare Insurance notifying insurance applicants after Golden Outlook agent's laptop is stolen →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.