Sharp notifies nearly 63,000 patients of data breach - The San Diego Union-Tribune
Sharp notifies nearly 63,000 patients of data breach
The Ocean View Tower at the Sharp Chula Vista Medical Center.
The Ocean View Tower at the Sharp Chula Vista Medical Center. (Howard Lipin / The San Diego Union-Tribune)
Hackers, provider says, did not obtain bank or credit card data or Social Security numbers
BY PAUL SISSON
FEB. 6, 2023 2:33 PM PT
Facebook
Twitter
Show more sharing options
Sharp HealthCare, San Diego’s largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com.
Stressing that the breach did not include bank account or credit card information, Social Security numbers, health insurance information, dates of birth, health records or “information about the services received,” Sharp says the type of compromised information “varied from person to person.”
“The information contained in the file was limited to patient names, internal Sharp identification numbers, and/or invoice numbers, payment amounts and the names of the Sharp entities receiving payment.”
Thus far, the provider’s statement says, there is no indication that any stolen information has been used for nefarious purposes.
The attack, Sharp adds, was focused on its website, but did not penetrate its “FollowMyHealth” patient portal.
Only patients who paid a bill using the provider’s online bill payment service between Aug. 12, 2021, and Jan. 12 were affected.
Sharp began mailing notification letters to affected customers on Friday, Feb. 3, and has set up a toll-free call center — (833) 753-3819 — which is open from 6 a.m. to 6 p.m. Monday through Friday to answer questions.
The health provider asks its patients to review previous statements they have received from their health providers and, if they see charges for services they did not receive, to contact Sharp immediately.
An upgrade of security tools on its website servers should “prevent this from happening in the future,” the company statement said.
Though it certainly will be a shock to those who have been directly affected, the Sharp incident is less severe that of two recent health care data incursions that affected Scripps Health and UC San Diego Health.
In 2021, UCSD began notifying nearly 500,000 patients affected by a phishing attack in 2020 and early 2021 that may have compromised everything from address and dates of birth to prescription information and social security numbers.
Scripps suffered its own extremely debilitating attack in May 2021 that forced its facilities to temporarily return to paper records, as many digital clinical systems became inoperable. Scripps initially said that more than 144,000 patients were affected, but added a second wave of notifications in 2022 which it did not enumerate.
Both Scripps and UCSD face class-action lawsuits due to the breaches.
The Ocean View Tower at the Sharp Chula Vista Medical Center.
The Ocean View Tower at the Sharp Chula Vista Medical Center. (Howard Lipin / The San Diego Union-Tribune)
Hackers, provider says, did not obtain bank or credit card data or Social Security numbers
BY PAUL SISSON
FEB. 6, 2023 2:33 PM PT
Show more sharing options
Sharp HealthCare, San Diego’s largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com.
Stressing that the breach did not include bank account or credit card information, Social Security numbers, health insurance information, dates of birth, health records or “information about the services received,” Sharp says the type of compromised information “varied from person to person.”
“The information contained in the file was limited to patient names, internal Sharp identification numbers, and/or invoice numbers, payment amounts and the names of the Sharp entities receiving payment.”
Thus far, the provider’s statement says, there is no indication that any stolen information has been used for nefarious purposes.
The attack, Sharp adds, was focused on its website, but did not penetrate its “FollowMyHealth” patient portal.
Only patients who paid a bill using the provider’s online bill payment service between Aug. 12, 2021, and Jan. 12 were affected.
Sharp began mailing notification letters to affected customers on Friday, Feb. 3, and has set up a toll-free call center — (833) 753-3819 — which is open from 6 a.m. to 6 p.m. Monday through Friday to answer questions.
The health provider asks its patients to review previous statements they have received from their health providers and, if they see charges for services they did not receive, to contact Sharp immediately.
An upgrade of security tools on its website servers should “prevent this from happening in the future,” the company statement said.
Though it certainly will be a shock to those who have been directly affected, the Sharp incident is less severe that of two recent health care data incursions that affected Scripps Health and UC San Diego Health.
In 2021, UCSD began notifying nearly 500,000 patients affected by a phishing attack in 2020 and early 2021 that may have compromised everything from address and dates of birth to prescription information and social security numbers.
Scripps suffered its own extremely debilitating attack in May 2021 that forced its facilities to temporarily return to paper records, as many digital clinical systems became inoperable. Scripps initially said that more than 144,000 patients were affected, but added a second wave of notifications in 2022 which it did not enumerate.
Both Scripps and UCSD face class-action lawsuits due to the breaches.
