DataBreaches.Net


Verity Health System of California, Inc. and Verity Medical Foundation Notify Individuals and Regulatory Bodies of Data Security Incident

Posted on January 29, 2019 by Dissent

From their public notification:

[El Segundo, CA, January 25, 2019] – Although there is no evidence of the unauthorized access or use of individual health or personal information, Verity Health System of California, Inc. and Verity Medical Foundation (collectively “Verity”) are notifying potentially affected individuals that some of their personal information may have been accessed without authorization by an unknown third party.

In two incidents in late November and one in mid-January, Verity discovered that an unauthorized third party obtained access to three Verity employees’ web email accounts, including access to any emails or attachments residing in the email accounts. Within hours of learning of each incident, the Verity Information Security Team promptly terminated the unauthorized access, disabled the impacted email accounts, disconnected the devices from the network, and removed all unauthorized emails sent to affiliated employees. Based on its investigation to date, Verity believes the access was an effort to obtain user names and passwords of other users, and has no evidence that the emails or attachments in the affected accounts were accessed, used, forwarded or sent by the third party.

Verity’s investigation determined that some of the emails and attachments residing in the email accounts accessed without authorization contained health or medical information, including, for example, names, treatment information, medical condition, billing codes, and health insurance policy numbers. Other emails and attachments contained personal information, including, for example, names, health insurance policy numbers, subscriber numbers, dates of birth, patient identification numbers, phone numbers, and addresses. Some attachments also included social security numbers and/or driver’s license numbers. Some patients from Verity Medical Foundation, and each of the Verity hospitals, namely O’Connor Hospital, St. Louise Regional Hospital, Seton Medical Center (including its Seton Coastside campus), St. Francis Medical Center, and St. Vincent Medical Center may be impacted by this incident. The affected email accounts may also have included personal or health information of some Verity employees and other third parties, including physicians and practitioners who work at these facilities.

While Verity has no evidence that any of this information has been used inappropriately and is not aware of any reports of identity theft or fraud related to these events, out of an abundance of caution, Verity is notifying potentially affected individuals to provide additional information about what happened and guidance on how they can protect themselves. Verity regrets any concern these events may cause and is providing credit monitoring services for one year free of charge to any individual whose social security number or driver’s license number was contained in the impacted web email accounts. Verity is also reporting these incidents to all appropriate regulatory bodies.

Verity remains committed to protecting the privacy and security of the health and other personal information it maintains for patients, employees, professionals, and other third parties. The organization is deploying a new mandatory training module for all employees, and has initiated a project to enhance security, including mandating password resets for all employees and disabling unknown URLs.

In addition, Verity has established a call center to answer questions and provide additional information about these events. If you would like to reach the call center, please call 877-354-7979 from Monday through Friday, 6:00 a.m. – 6:00 p.m. (Pacific Time). Additional information is posted on Verity’s website at: www.verity.org.

The number of patients being notified was not included and the incident is not yet on HHS’s public breach tool, so this post may be updated at some point.

Category: Hack, Health Data, Phishing, U.S.
