Sharp HealthCare in San Diego has recently notified almost 63,000 patients that some of their personal and protected health information has potentially been stolen in a recent cyberattack on its web server. Sharp HealthCare detected the cyberattack on January 12, 2023, and immediately shut down the web server while the incident was investigated. A third-party digital forensics company was engaged to investigate and determine the nature and scope of the incident and confirmed that an unauthorized third party successfully compromised the web server that powered the sharp.com website for a few hours on January 12. During that time the third party downloaded a file that contained patient data.
Sharp HealthCare stressed that the FollowMyHealth patient portal was not accessed, and no highly sensitive information was exposed or stolen. Financial information, contact information, dates of birth, Social Security numbers, health insurance information, or medical information were not accessed or stolen in the attack. The affected individuals had previously visited the website and paid medical bills online between August 12, 2021, and January 12, 2023. Sharp HealthCare said the information in the stolen file varied from patient to patient and included names, internal identification numbers, invoice numbers, payment amounts, and the names of the Sharp HealthCare facilities that received those payments.
Notification letters were sent to the 62,777 affected individuals on February 3, 2023. Credit monitoring services are not being offered due to the limited nature of the stolen information. Sharp HealthCare said no reports of actual or attempted misuse of patient data have been received and that, as a precaution, affected individuals should review the statements they receive from their healthcare providers and should report any charges for healthcare services that have not been received. Sharp HealthCare said it has upgraded the security tools on its website to prevent similar breaches in the future and constantly monitors its IT systems for suspicious activity.
The post Hackers Compromised Sharp HealthCare Web Server and Stole Patient Data appeared first on HIPAA Journal.