DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub

Posted on June 6, 2020 by Dissent

The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. 

June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal information of former patients. Castro Valley Health is sending notifications to the potentially involved individuals to notify them of this incident and provide resources to assist them. Below is a copy of the notification:

Castro Valley Health takes the privacy and protection of your personal information very seriously. We are writing to inform you of a recent data security incident that may have involved some personal information.

Please review the information provided in this letter for steps that you may take to protect yourself against any potential misuse of your information. If after reading this letter you continue to have questions or concerns, you may call the toll-free number at the bottom of this letter during regular business hours.

What Happened: The incident occurred when certain information about Castro Valley Health patients inadvertently was transferred during 2016-2017 to a third-party website called Docker Hub. Castro Valley Health first became aware of this incident on April 21, 2020, and promptly removed the information from the Docker Hub site. The transferred information was heavily coded and therefore not readable without significant decoding.

What Information Was Involved: The information that was transferred to the Docker Hub site included: patient names, an entry that said “Start of Care – Admission Visits,” the name of the nurse, physical therapist, or speech therapist who admitted the patient, the address at which the patient visit was to occur, the patient’s date of birth, medical record number, and the start of care date.

What Information Was NOT Involved: The information did not include Social Security numbers, driver license numbers, Tax ID numbers or bank account information. Importantly, the information also did not include clinical or diagnostic information, notes, plans or orders.

Castro Valley Health Response: Castro Valley Health began investigating the incident immediately after learning of it. We have no information at this time indicating anyone has used any of the patient information from the Docker Hub website, or that anyone other than the person who alerted the Department of Health and Human Services to the situation ever has viewed the information.

We are taking extra steps in addition to our existing policies to safeguard your information, including renewed training and employee orientation, conducting additional internal security audits and risk assessments and enhancing our policies and procedures.

Additional Steps You May Wish To Take: Steps you may wish to take include:

  1. Get current copies of your medical records from your healthcare providers and medical insurer and review them for any incorrect personal information or unauthorized treatments, procedures or prescriptions;
  2. Monitor any medical notices and activity on your accounts; and
  3. Place fraud alerts or credit freezes on your accounts to prevent or warn you if anyone without your authority tries to open an account in your name.

    You can check your credit reports at annualcreditreport.com from any one of the three major credit bureaus – Equifax, Experian, and TransUnion – and place a fraud alert on your credit report.  Their contact information is below:

    Equifax:           1-888-548-7878

    TransUnion:     1-800-916-8800

    Experian:         1-888-397-3742

If you have reason to believe that your Medicare or Medicaid information is being improperly used, report that online or call 800-HHS-TIPS.

For More Information: We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have questions or concerns regarding this matter, please call 1-888-688-2497 toll-free during regular business.

Source: Castro Valley Health via GlobalNewsWire

Category: Health Data

Post navigation

← Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
San Francisco Employees’ Retirement System notifies employees of contractor breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.