Patients of Sharp HealthCare got some concerning news Monday when the provider informed them that some of the business’s servers had been hacked and patient information was stolen.
Sharp said it first detected the cyberattack on Jan. 12, after which its IT team took the potentially affected servers offline and engaged a forensic tech firm that aided it in its investigation. The probe determined that a server had been infiltrated for “a few hours” on the date that the suspicious activity was noticed and that the hacker or hackers were able to gain access to a file with patient information in it.
The people whose information was hacked all used online bill pay between Aug. 12, 2021, and Jan. 12, 2023. A representative for Sharp told NBC 7 that personal information about 62,777 was seized in the cyberattack.
According to a “Notice of data privacy event” to patients posted on Sharp’s website, the file held different information on different patients, but the data was “limited to patient names, internal Sharp identification numbers and/or invoice numbers, payment amounts and the names of the Sharp facilities receiving the payments.”
The healthcare provider stressed that the following personal information was not taken in the breach:
- Bank account or credit/payment card information
- Social Security numbers
- Contact information
- Health insurance information
- Dates of birth
- Clinical information
- Department name
- Provider name
- Information about the services received
Sharp, which is mailing notifications to everyone whose data was compromised, said the hackers did not access its medical records or its FollowMyHealth® patient portal.
Any patients who want to discuss the breach should call 833-753-3819, Monday through Friday, from 6 a.m. to 6 p.m. Pacific Time.
“We regret any concern or inconvenience this incident may cause and remain committed to protecting the confidentiality and security of our patients’ information,” Sharp said in the notice. “We have enhanced the security tools on our website servers to help prevent this from happening in the future, and will continue to monitor our systems to proactively identify additional safeguards.”
Two other San Diego County healthcare providers have been hacked in recent years as well. In spring 2021, Scripps was targeted by a cyberattack that took down its technology systems with ransomware. Later that year, cybercriminals targeted UCSD Health Care email accounts.