DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub

Posted on June 6, 2020 by Dissent

The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. 

June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal information of former patients. Castro Valley Health is sending notifications to the potentially involved individuals to notify them of this incident and provide resources to assist them. Below is a copy of the notification:

Castro Valley Health takes the privacy and protection of your personal information very seriously. We are writing to inform you of a recent data security incident that may have involved some personal information.

Please review the information provided in this letter for steps that you may take to protect yourself against any potential misuse of your information. If after reading this letter you continue to have questions or concerns, you may call the toll-free number at the bottom of this letter during regular business hours.

What Happened: The incident occurred when certain information about Castro Valley Health patients inadvertently was transferred during 2016-2017 to a third-party website called Docker Hub. Castro Valley Health first became aware of this incident on April 21, 2020, and promptly removed the information from the Docker Hub site. The transferred information was heavily coded and therefore not readable without significant decoding.

What Information Was Involved: The information that was transferred to the Docker Hub site included: patient names, an entry that said “Start of Care – Admission Visits,” the name of the nurse, physical therapist, or speech therapist who admitted the patient, the address at which the patient visit was to occur, the patient’s date of birth, medical record number, and the start of care date.

What Information Was NOT Involved: The information did not include Social Security numbers, driver license numbers, Tax ID numbers or bank account information. Importantly, the information also did not include clinical or diagnostic information, notes, plans or orders.

Castro Valley Health Response: Castro Valley Health began investigating the incident immediately after learning of it. We have no information at this time indicating anyone has used any of the patient information from the Docker Hub website, or that anyone other than the person who alerted the Department of Health and Human Services to the situation ever has viewed the information.

We are taking extra steps in addition to our existing policies to safeguard your information, including renewed training and employee orientation, conducting additional internal security audits and risk assessments and enhancing our policies and procedures.

Additional Steps You May Wish To Take: Steps you may wish to take include:

  1. Get current copies of your medical records from your healthcare providers and medical insurer and review them for any incorrect personal information or unauthorized treatments, procedures or prescriptions;
  2. Monitor any medical notices and activity on your accounts; and
  3. Place fraud alerts or credit freezes on your accounts to prevent or warn you if anyone without your authority tries to open an account in your name.

    You can check your credit reports at annualcreditreport.com from any one of the three major credit bureaus – Equifax, Experian, and TransUnion – and place a fraud alert on your credit report.  Their contact information is below:

    Equifax:           1-888-548-7878

    TransUnion:     1-800-916-8800

    Experian:         1-888-397-3742

If you have reason to believe that your Medicare or Medicaid information is being improperly used, report that online or call 800-HHS-TIPS.

For More Information: We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have questions or concerns regarding this matter, please call 1-888-688-2497 toll-free during regular business.

Source: Castro Valley Health via GlobalNewsWire

Category: Health Data

Post navigation

← Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
San Francisco Employees’ Retirement System notifies employees of contractor breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.