Houston-based St. Luke's Health is notifying patients about a third-party data breach at consulting services vendor Adelanto Healthcare Ventures that resulted in the protected health information of 16,906 patients to be compromised.
On Sept. 1, the vendor notified St. Luke's that two of its employee email accounts were compromised by an unknown party on Nov. 5, 2021, according to an Oct. 28 breach notification from the health system.
The email accounts contained patient information such as names, addresses, dates of birth, Social Security numbers, dates of service, medical record numbers, Medicaid numbers, and limited information about treatment and diagnosis.
Adelanto Healthcare Ventures said it has found no indication that the information has been misused, but St. Luke's said it will conduct an additional investigation into the incident.
The health system is working to notify affected patients and in some cases will offer free credit monitoring.
This event does not impact St. Luke's parent company, Chicago-based CommonSpirit Health, nor is it related to the ongoing ransomware attack affecting CommonSpirit and its affiliates, according to the breach notification.