City of Hope

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The City of Hope in California experienced a data breach involving the theft of two password-protected computers containing patient information. Although the computers were password protected, the incident raised concerns about the potential exposure of patient data. Law enforcement did not believe the theft was targeted at obtaining patient information[1]. In a separate incident, City of Hope reported a phishing email attack that occurred in January 2016, which led to unauthorized access to the email accounts of four staff members. Three of these accounts contained protected health information such as patient names, medical record numbers, dates of birth, addresses, and other clinical information[3][7].

Following the breach, City of Hope took measures to improve security by encrypting all protected health information stored on laptops. The Office for Civil Rights (OCR) also conducted an investigation, which resulted in the medical center enhancing its physical safeguards and retraining employees[5]. The phishing attack highlighted the importance of anti-phishing training for staff to help identify and prevent similar incidents in the future[7].

Citations:

  1. https://oag.ca.gov/system/files/City%20of%20HopeSutherland%20Breach%20Notice_0.pdf
  2. https://www.linkedin.com/company/city-of-hope
  3. https://www.trendmicro.com/vinfo/it/security/news/cybercrime-and-digital-threats/cancer-treatment-center-data-breach-affects-info-of-2-2-million-patients
  4. https://www.latimes.com
  5. https://privacyrights.org/data-breaches/city-hope-national-medical-center
  6. https://www.reuters.com
  7. https://www.hipaajournal.com/email-accounts-compromised-city-of-hope-hospital-phishing-attack-3344/
  8. https://www.latimes.com/world-nation/story/2024-02-13/winter-storm-hits-northeast-causing-difficult-driving-closed-schools-and-canceled-flights
  9. https://www.businesswire.com/news/home/20140311005413/en/City-of-Hope-Responding-to-Theft-at-Billing-Contractor-That-Led-to-Potential-Privacy-Breach-for-Some-Patients
  10. https://www.cityofbuford.com
  11. https://casetext.com/case/city-of-hope-nat-med-ctr-v-genentech-inc
  12. https://www.sandiegouniontribune.com
  13. https://www.bizjournals.com/losangeles/news/2016/03/07/city-of-hope-is-l-a-s-latest-health-system-hit-by.html
  14. https://www.phoenix.gov
  15. https://www.horvitzlevy.com/city-of-hope-nat-medical-center-v-genentech-inc
  16. https://www.childrensmercy.org
Breach Submission Date Dec 12, 2023
Converted Entity Name City of Hope
Converted Entity Type Healthcare Provider
State CA
Individuals Affected 501
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes