Two major San Jose hospitals may have been impacted by a wide-ranging cyber attack that exposed patient names, ZIP codes, phone numbers, and other private information from one of America’s largest healthcare providers.
The list of affected facilities includes Good Samaritan Hospital and Regional Medical Center, which are both owned by the Tennessee-based HCA Healthcare. The company is still determining whose information was taken in the data breach, and letters will soon be mailed to patients who had their information stolen. The hack was discovered on July 5, and a preliminary investigation revealed stolen data was taken from an HCA Healthcare computer system that handles email formatting for patients.
Other information that was exposed includes patient emails, dates of birth, gender, and appointment dates. Credit card and social security numbers were not stolen.
Other facilities in the state that may have been affected by the attack include hospitals in Riverside, Thousand Oaks, and West Hills, Calif. HCA Healthcare oversees over 200 hospitals throughout the country and the United Kingdom. The company said it will be offering free credit monitoring and identity protection services.
“In the meantime, we encourage patients to remain vigilant in identifying calls, emails or SMS texts which appear to be spam or fraudulent,” an update about the cyber attack states on HCA Healthcare’s website. “Additionally, patients should never open links or attachments sent from untrusted sources.”
The two San Jose hospitals are the latest in a string of cyber attacks that have hit organizations in the city. In May, a San Jose-based Medi-Cal provider was affected by a nationwide data breach perpetrated by a Russian-linked ransomware group, with over a quarter million patients’ sensitive information stolen. In June, a San Jose-based housing advocacy group reported 40,000 of its mostly low-income clients had their Social Security and immigration numbers swiped.