Dominican Hospital in Santa Cruz, Calif., is notifying patients of a data breach after a spreadsheet containing patient information was unintentionally emailed to a local health plan. The spreadsheet contained information on "an excessive number of patients, some of whom may not be covered by or associated with the health plan," according to the hospital's notification.
The spreadsheet, formatted as a Microsoft Excel workbook, was sent through Dominican Hospital's encrypted email system. It contained patient names, account numbers, admission date, length of stay, total charges, unit in which patient was seen, room number and insurance carrier name. The spreadsheet did not contain Social Security numbers or other financial information.
"The health plan is cooperating with us during the investigation and we are waiting their promised attestation that the information has been destroyed," according to the notification letter. "For that reason, we are confident that the information has not been and will not be used for fraudulent purposes."
Dominican Hospital learned of the breach July 28. The notification letter is dated Aug. 18. The breach has not been posted on HHS' Office for Civil Rights breach notification portal, and there is no indication of how many patients may have been affected.
Dominican Hospital is part of San Francisco-based Dignity Health.
More articles on data breaches:
HIMSS: Nearly a third of hospitals transmit patient data unencrypted
Orlando Health employee went through personal information of Pulse survivors, hospital says
Missing flash drives prompt breach notification at The Outer Banks Hospital