The spreadsheet, formatted as a Microsoft Excel workbook, was sent through Dominican Hospital’s encrypted email system. It contained patient names, account numbers, admission date, length of stay, total charges, unit in which patient was seen, room number and insurance carrier name. The spreadsheet did not contain Social Security numbers or other financial information.
“The health plan is cooperating with us during the investigation and we are waiting their promised attestation that the information has been destroyed,” according to the notification letter. “For that reason, we are confident that the information has not been and will not be used for fraudulent purposes.”
Dominican Hospital learned of the breach July 28. The notification letter is dated Aug. 18. The breach has not been posted on HHS’ Office for Civil Rights breach notification portal, and there is no indication of how many patients may have been affected.
Dominican Hospital is part of San Francisco-based Dignity Health.
More articles on data breaches:
HIMSS: Nearly a third of hospitals transmit patient data unencrypted
Orlando Health employee went through personal information of Pulse survivors, hospital says
Missing flash drives prompt breach notification at The Outer Banks Hospital
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
