DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UPDATED: Dignity Health units disclose breaches in Arizona, Nevada, and California affecting more than 60,000 patients

Posted on June 4, 2018 by Dissent

Last month, Dignity Health reported breaches to HHS that involved three of their hospitals in Nevada:  Dignity Health St. Rose Dominican Hospitals – San Martin (1764 patients); Dignity Health St. Rose Dominican Hospitals – Siena (2078 patients), and Dignity Health St. Rose Dominican Hospitals-DeLima (2174 patients). The incident involved the hospitals providing documentation to an unnamed local contractor that they had used for years to process court-related health documents. Through a clerical error, the contract had not been renewed, so for a while,  there was no contract in place although the hospitals continued to provide patient information to the contractor. The contractor handled the materials properly despite the lack of contract, and the contract renewal went through to restore the contractual relationship.

But the Nevada reports were not the only breaches the health system has recently reported.  Dignity Health St. Joseph’s Hospital and Medical Center in Arizona recently identified a data breach incident and is notifying patients whose records may have been compromised. According to a statement on their web site:

As part of St. Joseph’s commitment to the security of its patients, the hospital consistently reviews employees’ access to electronic medical records. As a result, the hospital has identified that from October 13, 2017 through March 29, 2018, a hospital employee viewed portions of 229 patient medical records without a business reason to do so.

Information that may have been viewed included certain demographic information, including name and date of birth, and clinical data such as nurses’ or doctors’ notes and diagnostic information. Because the information viewed did not include Social Security, billing or credit card information, the hospital has no reason to believe these patients need to take any action to protect themselves against identity theft.

Dignity Health St. Joseph’s Hospital and Medical Center is deeply committed to protecting its patients. Any person who accesses medical records without a job-related reason is in violation of St. Joseph’s policy and appropriate action has been taken in response to this event.

St. Joseph’s regrets any inconvenience caused by this incident. Letters have been mailed to patients whose medical records may have been viewed and the hospital has established a call center to answer any questions they may have. Individuals who were patients at St. Joseph’s between October 13, 2017 and March 29, 2018 and have questions, can call 877.406.9191.

Because fewer than 500 patients were affected, that incident does not appear on HHS’s public breach tool.

But what does appear on HHS’s breach tool is a recent incident involving Dignity Health in California that reportedly involved 55,947 patients. That incident is coded as “Unauthorized Access/Disclosure” involving email, which might indicate a hacking or phishing incident, but it is not totally clear. DataBreaches.net has reached out to Dignity Health to request clarification as to what happened in that incident. This post will be updated when I obtain some clarification on the incident.

UPDATE:  Dignity Health sent me the following statement about the breach affecting 55,947 patients:

SAN FRANCISCO, CA – June 4, 2018 – On April 24th, 2018, Dignity Health,
including its affiliates Dignity Health Medical Group Nevada, LLC, and Dignity Health Medical Foundation, discovered that an email list formatted by Healthgrades, one of its business associates, contained a sorting error. This error resulted in Dignity Health inadvertently sending misaddressed emails to a group of patients, informing them of a new online appointment scheduling tool. Immediately upon learning of the incident on April 25th, Dignity Health and Healthgrades launched a comprehensive investigation.

Dignity Health and Healthgrades have taken immediate steps to notify the affected patients. Patients with questions or concerns should call 1-877-802-1959. Dignity Health and Healthgrades investigated and corrected the problem and the companies are putting appropriate steps in place so that it will not happen again.

Each misdirected email was sent to only one person. The emails contained the wrong patient’s name and, in some cases, his or her physician’s name. No other information was included in the email. Importantly, there was no financial, insurance, or medical information included.

All of us at Dignity Health and Healthgrades take our responsibility to protect patients’ personal and medical information very seriously. We sincerely regret that this error happened and any concern or confusion it may have caused.

Related posts:

  • NC: Lexington Medical Center discloses vendor’s patient records data breach
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
  • TX: St. Joseph Health System Confirms Hacking Incident Affecting 405,000 Patients, Employees, and Beneficiaries (updated)
Category: Health DataInsiderOtherSubcontractorU.S.

Post navigation

← Medical records for more than 600 patients stolen from Moran Eye Center
UK: Hospital data leak “regrettable”, says NHS Trust director →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.