Sharp Health Plan
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Sharp HealthCare, a major healthcare provider in San Diego, experienced a data breach that affected approximately 62,777 patients. The breach occurred when an unauthorized party accessed a server running the Sharp.com website on January 12, 2023. The cyberattack was detected on the same day, and Sharp HealthCare’s IT team responded by taking the affected servers offline and initiating an investigation with the help of a forensic tech firm[5].
The compromised data included patient names, internal Sharp identification numbers, invoice numbers, payment amounts, and the names of the Sharp facilities receiving the payments. Importantly, the breach did not involve highly sensitive information such as bank account or credit card details, Social Security numbers, contact information, health insurance details, dates of birth, clinical information, or details about the services received[1][5][7]. Additionally, Sharp’s medical record systems and the FollowMyHealth® patient portal were not accessed during the incident[5].
The breach specifically impacted patients who used Sharp HealthCare’s online bill payment service between August 12, 2021, and January 12, 2023[1][5]. Sharp HealthCare began mailing notification letters to the affected individuals on February 3, 2023, and established a toll-free call center to address any questions from patients[1].
Sharp HealthCare has since enhanced the security tools on its website servers to prevent future breaches and continues to monitor its systems for any suspicious activity[5]. Despite the breach, there has been no indication that the stolen information has been used for nefarious purposes[1].
This incident is one of several cyberattacks on healthcare providers in the San Diego area in recent years, with previous breaches affecting Scripps Health and UC San Diego Health[1].
Citations:
- https://www.sandiegouniontribune.com/news/health/story/2023-02-06/sharp-notified-x-patients-of-data-breach
- https://www.cbs8.com/article/news/local/sharp-notifies-patients-of-data-breach/509-9e599b85-f3e1-4520-9acb-4285e20886d5
- https://fox5sandiego.com/video/sharp-data-breach-impacts-nearly-63k/8368201/
- https://oag.ca.gov/ecrime/databreach/reports/sb24-579058
- https://www.nbcsandiego.com/news/local/hackers-breach-sharp-healthcare-server/3161058/
- https://www.10news.com/news/local-news/cyber-security-expert-weighs-in-on-sharp-healthcare-data-breach
- https://www.securityweek.com/patient-information-compromised-in-data-breach-at-san-diego-healthcare-provider/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://www.hipaajournal.com/hackers-compromised-sharp-healthcare-web-server-and-stole-patient-data/
- https://www.kpbs.org/news/health/2016/05/19/sharp-hospital-apologizes-privacy-breach-video-sti
- https://www.kpbs.org/news/local/2023/02/06/sharp-healthcare-notifies-patients-of-data-breach
- https://oag.ca.gov/privacy/databreach/list
- https://fox5sandiego.com/news/tech/sharp-data-breach-impacts-nearly-63000/
- https://www.sandiegouniontribune.com/news/health/story/2023-11-13/four-days-in-cyber-attack-continues-to-impact-tri-city-medical-center-in-oceanside
- https://oag.ca.gov/system/files/Sample%20Notice-%20Delta.pdf
- https://casetext.com/case/healthedge-software-inc-v-sharp-health-plan
- https://youtube.com/watch?v=iMjdx1t0L5o
- https://www.10news.com/news/local-news/san-diego-news/sharp-healthcare-notifies-patients-of-data-breach