Hayward Sisters Hospital d/b/a St. Rose Hospital

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Hayward Sisters Hospital, doing business as St. Rose Hospital, experienced a significant data breach that was first detected on November 29, 2022, with the unauthorized access occurring on November 18, 2022. The breach involved the exfiltration of sensitive files from the hospital’s computer network by an unauthorized party. The compromised information included patients’ names, Social Security numbers, dates of birth, email addresses, and home addresses. In response to this incident, St. Rose Hospital initiated an investigation with the help of third-party computer forensic specialists to determine the extent of the breach and the specific information that was compromised. Following the investigation, the hospital began sending out data breach notification letters on January 12, 2023, to all individuals whose information was affected by this security incident[1][5].

St. Rose Hospital, located in Hayward, California, is a community hospital that was founded in 1953. It offers a wide range of healthcare services, including emergency care, diagnostic imaging, cardiology, orthopedics, rehabilitation, surgery, and has a 17-bed Family Birthing Center. The hospital has a total of 217 beds and delivers over 1,300 babies per year. It employs more than 522 people and generates approximately $100 million in annual revenue[1].

In the aftermath of the breach, St. Rose Hospital took several steps to address the situation and prevent future incidents. These measures included securing their systems, conducting a full investigation, and implementing additional security measures. The hospital also cooperated with federal law enforcement in their investigation of the incident. To assist those affected by the breach, St. Rose Hospital offered complimentary access to Experian IdentityWorksSM for 12 months, providing services such as credit monitoring and identity theft protection. The deadline for enrolling in these services was set for January 31, 2024[3].

The breach at St. Rose Hospital is part of a larger trend of cyberattacks targeting healthcare providers, which have become increasingly common due to the valuable patient information these organizations hold. Healthcare providers are urged to take heightened precautions to safeguard patient data and prevent similar incidents[1].

For more detailed information or assistance regarding the breach, affected individuals were encouraged to contact St. Rose Hospital’s dedicated assistance line[3].

Citations:

  1. https://www.jdsupra.com/legalnews/hayward-sisters-hospital-d-b-a-st-rose-5641330/
  2. https://healthitsecurity.com/news/maryland-hospital-suffers-ransomware-attack
  3. https://oag.ca.gov/system/files/St.%20Rose%20Hospital%20-%20Sample%20Notice.pdf
  4. https://www.cbc.ca/news/canada/new-brunswick/serena-perry-s-family-sues-saint-john-regional-hospital-1.2537311
  5. https://www.turkestrauss.com/2023/01/17/st-rose-hospital-data-breach-investigation/
  6. http://ago.vermont.gov/document/2023-08-03-hayward-sisters-hospital-dba-st-rose-hospital-data-breach-notice-consumers
  7. https://www.databreaches.net/more-data-leaked-from-st-rose-hospital-ransomware-incident/
  8. https://www.databreaches.net/st-rose-hospital-patient-data-appears-on-hacking-forum/
  9. https://www.scmagazine.com/analysis/third-party-administrator-hack-leads-to-theft-of-patient-data-for-over-251k
  10. https://casetext.com/admin-law/hayward-sisters-hospital-dba-st-rose-hospital
Breach Submission Date Jan 27, 2023
Converted Entity Name Hayward Sisters Hospital d/b/a St. Rose Hospital
Converted Entity Type Healthcare Provider
State CA
Individuals Affected 501
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes