Data breach impacts nearly 900 hospital patients in SF

May 15, 2018

The personal information of nearly 900 San Francisco Department of Public Health patients was accessed without authorization in November and December, health officials said.

A former employee of Nuance Communications, a Massachusetts-based company contracted to provide medical transcription records, accessed personal information of 895 patients, health officials said.

The information was accessed from November 20 to December 9, and belonged to patients who visited the San Francisco Health Network, the Health Department’s system of hospitals and clients, according to health officials.

The information included name, date of birth, medical record number, patient number, and information dictated by the provider such as patient condition, assessment, diagnosis, treatment, care plan, and date of service, health officials said.

The information didn’t include Social Security numbers, driver’s license numbers, or financial account numbers.

The department waited to inform the patients until May 11 at the request of the FBI and the U.S. Department of Justice, according to health officials.

Health officials said the Justice Department informed Nuance that it does not appear that any of the information was sold or used for any purpose, and all the data has been recovered from the former employee.

San Francisco Examiner has the story