DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Verity Health System of California, Inc. and Verity Medical Foundation Notify Individuals and Regulatory Bodies of Data Security Incident

Posted on January 29, 2019 by Dissent

From their public notification:

[El Segundo, CA, January 25, 2019] – Although there is no evidence of the unauthorized access or use of individual health or personal information, Verity Health System of California, Inc. and Verity Medical Foundation (collectively “Verity”) are notifying potentially affected individuals that some of their personal information may have been accessed without authorization by an unknown third party.

In two incidents in late November and one in mid-January, Verity discovered that an unauthorized third party obtained access to three Verity employee’s web email accounts, including access to any emails or attachments residing in the email accounts. Within hours of learning of each incident, the Verity Information Security Team promptly terminated the unauthorized access, disabled the impacted email accounts, disconnected the devices from the network, and removed all unauthorized emails sent to affiliated employees. . Based on its investigation to date, Verity believes the access was an effort to obtain user names and passwords of other users, and has no evidence that the emails or attachments in the affected accounts were accessed, used, forwarded or sent by the third party.

Verity’s investigation determined that some of the emails and attachments residing in the email accounts accessed without authorization contained health or medical information, including, for example, names, treatment information, medical condition, billing codes, and health insurance policy numbers. Other emails and attachments contained personal information, including, for example, names, health insurance policy numbers, subscriber numbers, dates of birth, patient identification numbers, phone numbers, and addresses. Some attachments also included social security numbers and/or driver’s license numbers. Some patients from Verity Medical Foundation, and each of the Verity hospitals, namely O’Connor Hospital, St. Louise Regional Hospital, Seton Medical Center (including its Seton Coastside campus), St. Francis Medical Center, and St. Vincent Medical Center may be impacted by this incident. The affected email accounts may also have included personal or health information of some Verity employees and other third parties, including physicians and practitioners who work at these facilities.

While Verity has no evidence that any of this information has been used inappropriately and is not aware of any reports of identity theft or fraud related to these events, out of an abundance of caution, Verity is notifying potentially affected individuals to provide additional information about what happened and guidance on how they can protect themselves. Verity regrets any concern these events may cause and is providing credit monitoring services for one year free of charge to any individual whose social security number or driver’s license number was contained in the impacted web email accounts. Verity is also reporting these incidents to all appropriate regulatory bodies.

Verity remains committed to protecting the privacy and security of the health and other personal information it maintains for patients, employees, professionals, and other third parties. The organization is deploying a new mandatory training module for all employees, and has initiated a project to enhance security, including mandating password resets for all employees and disabling unknown URLs.

In addition, Verity has established a call center to answer questions and provide additional information about these events. If you would like to reach the call center, please call 877-354- 7979 from Monday through Friday, 6:00 a.m. – 6:00 p.m. (Pacific Time). Additional information is posted on Verity’s website at: www.verity.org.

The number of patients being notified was not included and the incident is not yet on HHS’s public breach tool, so this post may be updated at some point.

Category: HackHealth DataPhishingU.S.

Post navigation

← Filipino Telecom giant Globe leaks customer registration data
NJ: Addictions Recovery Provider Integrity House Notifies Individuals of Burglary of Device with PHI →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.