Sharp HealthCare has begun notifying patients that an unauthorized person breached the healthcare system's website server last month and accessed a file containing patient information.
The Jan. 12 breach of a server that runs the Sharp.com website did not include access to bank account or credit/payment card information, Social Security numbers, contact information, health insurance information, dates of birth, clinical information, department name, provider name, or information about the services received, according to a statement from Sharp HealthCare.
The breach also did not include access to Sharp's medical record systems or its "FollowMyHealth" patient portal.
"While it varied from person to person, the information contained in the file was limited to patient names, internal Sharp identification numbers and/or invoice numbers, payment amounts, and the names of the Sharp entities receiving the payments," Sharp's statement read.
Not all Sharp patients were affected, "but only those who paid a bill or invoice using the online bill payment service between Aug. 12, 2021, and Jan. 12, 2023."
Sharp said it began mailing out notification letters last Friday to those affected. A toll-free call center has also been established at 1-833-753- 3819, Monday through Friday, from 6 a.m. to 6 p.m.
The healthcare system recommended affected patients review statements they receive from their healthcare providers, and contact the provider immediately if they see charges for services they did not receive.
Sharp said its security tools on its website servers have since been "enhanced" in order to "help prevent this from happening in the future and will continue to monitor its systems to proactively identify additional safeguards."
The breach follows two others in recent years that have targeted San Diego-based healthcare systems.
UC San Diego Health was affected by a data breach that left protected information accessible in late 2020 and early 2021.
In 2021, Scripps Health was hit by a cyberattack that forced some of its system offline for several weeks and had medical personnel relying on paper records.
Related Podcast
-
San Diego’s largest healthcare provider, Sharp, began notifying more than 60,000 patients this week that cyber criminals may have their personal information.
