On September 15, Oak Valley Hospital District in California notified the state and HHS of a data security incident that began on April 21 and was first discovered on July 18.
According to its notification, a copy of which is also posted on its website, Oak Valley could not rule out the possibility of unauthorized access to files used for billing or treatment purposes. Some of those files contained patient names, Social Security numbers, health insurance information, and information regarding care with Oak Valley.
Those who have been notified were offered complimentary services via Experian® IdentityWorksSM Credit 3B service.
There was no mention in the notification of any malware or extortion demand of any kind. Nor was there any mention of whether they have searched the dark web to see if any data has shown up. A search by DataBreaches today did not find any reference to Oak Valley’s data.
The incident was reported to HHS as affecting 283,629 patients.