Multiple Phishing Attacks Hit California’s Verity Health System

Jan. 29, 2019

The Redwood City, Calif.-based Verity Health System and Verity Medical Foundation are notifying patients that some of their personal information may have been accessed without authorization by an unknown third party.

According to a notice from the organization dated Jan.25, in two incidents in late November and one in mid-January, Verity discovered that an unauthorized third party obtained access to three Verity employee’s web email accounts, including access to any emails or attachments residing in the email accounts.

Although the unauthorized access was terminated by a security team, Verity officials do believe the access was an effort to obtain user names and passwords of other users. But at the same time, the organization says it has no evidence that the emails or attachments in the affected accounts were accessed, used, forwarded or sent by the third party.

The health system contains six hospitals—as well as Verity Physician Network and Verity Medical Foundation—and has approximately 8,000 associations and physicians.

According to Verity’s investigation, officials determined that some of the emails and attachments residing in the email accounts accessed without authorization contained health or medical information, including, for example, names, treatment information, medical condition, billing codes, and health insurance policy numbers. Other emails and attachments contained personal information, including, for example, names, health insurance policy numbers, subscriber numbers, dates of birth, patient identification numbers, phone numbers, and addresses, officials reported.

Patients from Verity Medical Foundation, in San Jose, and each of the Verity hospitals, namely O’Connor Hospital, St. Louise Regional Hospital, Seton Medical Center (including its Seton Coastside campus), St. Francis Medical Center, and St. Vincent Medical Center, may have been impacted.

“While Verity has no evidence that any of this information has been used inappropriately and is not aware of any reports of identity theft or fraud related to these events, out of an abundance of caution, Verity is notifying potentially affected individuals to provide additional information about what happened and guidance on how they can protect themselves,” the notice read.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?