St. Joseph Health reports potential data breach

NORTH BAY -- St. Joseph Health System has alerted more than 10,000 patients in Santa Rosa, Petaluma and Napa that their personal health information records may have been searchable on the Internet.

Notices of the possible security breach were sent on Monday to 6,235 patients from Santa Rosa Memorial Hospital, two from Petaluma Valley Hospital and 4,263 patients from Queen of the Valley in Napa, the health system said. Notices were also sent to facilities in Fullerton and Mission Viejo, bringing the total number of patients affected statewide to 31,800.

"Protecting privacy is a priority of our organization and we deeply regret any concerns or inconveniences this situation will cause those we serve," said Clyde Wesp, MD, chief medical officer and chief medical information officer of St. Joseph Health System. "Patients should know we will continue to work to ensure this situation does not occur again."

The information that may have been accessed did not include Social Security numbers, addresses or financial data, according to the Orange-based health system. Data that might have been compromised more likely included patients' names and medical data such as body mass index, smoking status, blood pressure, lab results, diagnoses, medication allergies, demographic info and advance directive status.

The records at risk mostly were for inpatients who received care from February through August of last year. The data would have been available via Internet search engines from early 2011 to February 2012, the health system said.

The health system said in a statement that security settings were "incorrect" and allowed for the potential data breach. After this was discovered, the files were secured.

St. Joseph Health said that, while the information was accessible, it was not "readily identifiable on the Internet." Accessing the data required complex combinations of terms or extensive search. Federal law requires the hospitals to notify the media in the event of a possible data breach.

Patients affected are encouraged to call a toll-free number (877-430-5623) if they have further questions. The hospital is providing free identity-theft protection services as a precautionary measure.

Patients who believe their personal information has been illegally used are advised to contact their local police department and file a complaint with the Federal Trade Commission at www.ftc.gov/idtheft or 877-ID-THEFT.
