Patients’ personal data breached at 2 S.F. hospitals
The personal information of nearly 900 patients of San Francisco General and Laguna Honda hospitals was breached after a former employee of one of the hospitals’ vendors got unauthorized access to the data, the San Francisco Public Health Department said Friday.
The data included patients’ names, dates of birth, medical record numbers and details of their medical conditions, diagnoses, treatment and care plans. It did not include Social Security numbers, driver’s license numbers or financial account numbers, according to officials with the health department, which runs the health network that includes the two hospitals.
The information of 895 patients was accessed between Nov. 20 and Dec. 9, and the patients involved have been notified, officials said.
“We sincerely apologize for any inconvenience or concern that this situation may cause,” Roland Pickens, director of the San Francisco Health Network, said in a statement. “All of our vendors are required to attest to the protection of patient privacy, as part of their contract, and we continue to audit and improve upon that process.”
The data were accessed by a former employee of Nuance Communications, a Massachusetts company contracted to do medical transcription services. That same person also accessed similar patient information from other clients, officials said.
The San Francisco Public Health Department is continuing its contract with Nuance, which has strengthened its cybersecurity and cooperated with law enforcement’s investigation of the breach, according to a Health Department spokeswoman.
The U.S. Department of Justice investigated the incident and said the patient information did not appear to be used or sold, and that the data has been recovered from the former employee.
Nuance did not immediately return a request seeking comment Friday.
In 2014, medical records for 56,000 patients at San Francisco General and other city-run clinics were breached after computers containing the information were stolen from Sutherland Healthcare Solutions, a billing company with which the hospital contracted.
Patients of the San Francisco Health Network who have questions can call the Health Department’s privacy hotline at 1-855-729-6040 and reference “Nuance” or “#2017-122” in the message.