Sharp Health Plan

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Sharp HealthCare, a major healthcare provider in San Diego, experienced a data breach that affected approximately 62,777 patients. The breach occurred when an unauthorized party accessed a server running the Sharp.com website on January 12, 2023. The cyberattack was detected on the same day, and Sharp HealthCare’s IT team responded by taking the affected servers offline and initiating an investigation with the help of a forensic tech firm[5].

The compromised data included patient names, internal Sharp identification numbers, invoice numbers, payment amounts, and the names of the Sharp facilities receiving the payments. Importantly, the breach did not involve highly sensitive information such as bank account or credit card details, Social Security numbers, contact information, health insurance details, dates of birth, clinical information, or details about the services received[1][5][7]. Additionally, Sharp’s medical record systems and the FollowMyHealth® patient portal were not accessed during the incident[5].

The breach specifically impacted patients who used Sharp HealthCare’s online bill payment service between August 12, 2021, and January 12, 2023[1][5]. Sharp HealthCare began mailing notification letters to the affected individuals on February 3, 2023, and established a toll-free call center to address any questions from patients[1].

Sharp HealthCare has since enhanced the security tools on its website servers to prevent future breaches and continues to monitor its systems for any suspicious activity[5]. Despite the breach, there has been no indication that the stolen information has been used for nefarious purposes[1].

This incident is one of several cyberattacks on healthcare providers in the San Diego area in recent years, with previous breaches affecting Scripps Health and UC San Diego Health[1].

Citations:

  1. https://www.sandiegouniontribune.com/news/health/story/2023-02-06/sharp-notified-x-patients-of-data-breach
  2. https://www.cbs8.com/article/news/local/sharp-notifies-patients-of-data-breach/509-9e599b85-f3e1-4520-9acb-4285e20886d5
  3. https://fox5sandiego.com/video/sharp-data-breach-impacts-nearly-63k/8368201/
  4. https://oag.ca.gov/ecrime/databreach/reports/sb24-579058
  5. https://www.nbcsandiego.com/news/local/hackers-breach-sharp-healthcare-server/3161058/
  6. https://www.10news.com/news/local-news/cyber-security-expert-weighs-in-on-sharp-healthcare-data-breach
  7. https://www.securityweek.com/patient-information-compromised-in-data-breach-at-san-diego-healthcare-provider/
  8. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  9. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  10. https://www.hipaajournal.com/hackers-compromised-sharp-healthcare-web-server-and-stole-patient-data/
  11. https://www.kpbs.org/news/health/2016/05/19/sharp-hospital-apologizes-privacy-breach-video-sti
  12. https://www.kpbs.org/news/local/2023/02/06/sharp-healthcare-notifies-patients-of-data-breach
  13. https://oag.ca.gov/privacy/databreach/list
  14. https://fox5sandiego.com/news/tech/sharp-data-breach-impacts-nearly-63000/
  15. https://www.sandiegouniontribune.com/news/health/story/2023-11-13/four-days-in-cyber-attack-continues-to-impact-tri-city-medical-center-in-oceanside
  16. https://oag.ca.gov/system/files/Sample%20Notice-%20Delta.pdf
  17. https://casetext.com/case/healthedge-software-inc-v-sharp-health-plan
  18. https://youtube.com/watch?v=iMjdx1t0L5o
  19. https://www.10news.com/news/local-news/san-diego-news/sharp-healthcare-notifies-patients-of-data-breach
Breach Submission Date Jan 08, 2024
Converted Entity Name Sharp Health Plan
Converted Entity Type Health Plan
State CA
Individuals Affected 9,255
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes