REDWOOD CITY, Calif.–(BUSINESS WIRE)–Although there is no evidence that patient information was used in an
unauthorized fashion, Verity Health System is notifying more than 9,000
individuals that their personal information may have been accessed by an
unauthorized third party.
The information, dated between 2010 and 2014, includes patient names,
dates of birth, medical record numbers, addresses, email addresses,
phone numbers and the last four digits of credit card numbers. The
information does not include social security numbers or full credit card
On Jan. 6, Verity Health officials detected that an unauthorized third
party accessed the Verity Medical Foundation-San Jose Medical Group
website, which is no longer in use. The health system promptly initiated
an internal investigation and determined that the access occurred
between October 2015 and January 2017. Verity took immediate steps to
secure the website, stop any further unauthorized activity and prevent
similar incidents from happening in the future.
“Verity Health System takes the security of our patients’ information
seriously, and we regret that this incident occurred,” said Andrei
Soran, chief executive officer of the one-year-old health system. Verity
Health includes six California hospitals, the Verity Medical Foundation
and Verity Physician Network.
“We took immediate steps to investigate this incident, notify the
affected individuals and appropriate authorities, and ensure enhanced
protection of our information systems going forward,” Soran added. “We
are working with a leading cyber-security firm to further evaluate the
integrity of our information systems.”
As required by law, Verity is notifying the affected individuals by
letter. In addition, Verity is offering a call center to answer
questions, as well as credit monitoring services – free of charge – for
a period of one year.
Jenifer Olson, 407-850-8190