San Diego-based Sharp HealthCare is notifying patients that an unauthorized party has stolen files from its system after it took over the health system's website server on Jan. 12.
On Jan. 12, Sharp took its website server offline after it noticed suspicious activity on it.
The health system then launched an investigation into the incident and learned that an unauthorized person gained access to its website server for a few hours on Jan. 12, according to a breach notification from Sharp.
Sharp also learned that the unauthorized person was able to gain access to a file within its system that contained patient information such as names, internal Sharp identification numbers, invoice numbers, payment amounts, and the names of the Sharp facilities receiving the payments.
The health system said the unauthorized person did not have access to its patient portal or access to information such as Social Security numbers, credit or payment card information, contact information, health insurance information, dates of birth, clinical information, department name, provider name, or information about the services received.
Sharp said affected patients include those who paid a bill or invoice using the online bill payment service between Aug. 12, 2021, and Jan. 12, 2023.
The health system did not mention how many patients were affected, but said it is mailing letters to all affected individuals and said it has found no evidence to indicate that any of the information has been misused.