Redwood City, Calif.-based Verity Health System is sending letters to more than 9,000 patients stating that their information may have been compromised.
On Jan. 6, Verity confirmed that between October 2015 and January 2017, an unauthorized third party accessed its Verity Medical Foundation-San Jose Medical Group website, which is no longer live.
The information accessed, which is dated between 2010 and 2014, included patients' names, addresses, dates of birth, email addresses, phone numbers, medical record numbers and the last four digits of credit card numbers. Verity said the accessed information doesn't include complete credit card information or Social Security numbers.
Verity officials said steps were immediately taken to secure the website and inform patients and authorities. The health system has set up a call center to answer patients' questions and is offering impacted patients free credit monitoring services for one year.
"Verity Health System takes the security of our patients' information seriously, and we regret this incident occurred," Verity CEO Andrei Soran said in a statement.