DataBreaches.Net


CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub

Posted on June 6, 2020 by Dissent

The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. 

June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal information of former patients. Castro Valley Health is sending notifications to the potentially involved individuals to notify them of this incident and provide resources to assist them. Below is a copy of the notification:

Castro Valley Health takes the privacy and protection of your personal information very seriously. We are writing to inform you of a recent data security incident that may have involved some personal information.

Please review the information provided in this letter for steps that you may take to protect yourself against any potential misuse of your information. If after reading this letter you continue to have questions or concerns, you may call the toll-free number at the bottom of this letter during regular business hours.

What Happened: The incident occurred when certain information about Castro Valley Health patients inadvertently was transferred during 2016-2017 to a third-party website called Docker Hub. Castro Valley Health first became aware of this incident on April 21, 2020, and promptly removed the information from the Docker Hub site. The transferred information was heavily coded and therefore not readable without significant decoding.

What Information Was Involved: The information that was transferred to the Docker Hub site included: patient names, an entry that said “Start of Care – Admission Visits,” the name of the nurse, physical therapist, or speech therapist who admitted the patient, the address at which the patient visit was to occur, the patient’s date of birth, medical record number, and the start of care date.

What Information Was NOT Involved: The information did not include Social Security numbers, driver license numbers, Tax ID numbers or bank account information. Importantly, the information also did not include clinical or diagnostic information, notes, plans or orders.

Castro Valley Health Response: Castro Valley Health began investigating the incident immediately after learning of it. We have no information at this time indicating anyone has used any of the patient information from the Docker Hub website, or that anyone other than the person who alerted the Department of Health and Human Services to the situation ever has viewed the information.

We are taking extra steps in addition to our existing policies to safeguard your information, including renewed training and employee orientation, conducting additional internal security audits and risk assessments and enhancing our policies and procedures.

Additional Steps You May Wish To Take: Steps you may wish to take include:

  1. Get current copies of your medical records from your healthcare providers and medical insurer and review them for any incorrect personal information or unauthorized treatments, procedures or prescriptions;
  2. Monitor any medical notices and activity on your accounts; and
  3. Place fraud alerts or credit freezes on your accounts to prevent or warn you if anyone without your authority tries to open an account in your name.

    You can check your credit reports at annualcreditreport.com from any one of the three major credit bureaus – Equifax, Experian, and TransUnion – and place a fraud alert on your credit report. Their contact information is below:

    Equifax: 1-888-548-7878
    TransUnion: 1-800-916-8800
    Experian: 1-888-397-3742

If you have reason to believe that your Medicare or Medicaid information is being improperly used, report that online or call 800-HHS-TIPS.

For More Information: We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have questions or concerns regarding this matter, please call 1-888-688-2497 toll-free during regular business.

Source: Castro Valley Health via GlobalNewsWire

