Valle del Sol, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Valle del Sol, Inc., a non-profit healthcare provider based in Phoenix, Arizona, experienced a significant data breach that affected the personal and health information of approximately 70,000 patients. The breach was first detected on January 25, 2022, when Valle del Sol discovered unusual network activity. An investigation revealed that an unauthorized actor may have accessed sensitive data, including names, Social Security numbers, driver’s license numbers, dates of birth, health insurance information, and medical details such as clinical or diagnosis information, medical record numbers, and Medicare or Medicaid numbers[4][5][6].

Valle del Sol began notifying affected individuals on October 5, 2022, and offered free credit monitoring services through Experian for 12 months, including dark web monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services[9]. They also advised patients to place a fraud alert on their credit reports and to monitor their accounts for any signs of unauthorized activity[6].

In response to the breach, Valle del Sol has taken steps to strengthen their security protocols to prevent future incidents. Despite the breach, there was no indication that the exposed personal health information (PHI) had been misused at the time of the notifications[6]. Valle del Sol expressed regret for the incident and emphasized that the privacy and protection of personal information are top priorities for the organization[6].

Citations:

  1. https://www.hipaajournal.com/70000-valle-del-sol-community-health-patients-cyberattack/
  2. https://ago.vermont.gov/sites/ago/files/2023-01/2022-10-05-Valle-Del-Sol-Data-Breach-Notice-to-Consumers.pdf
  3. https://www.barchart.com/story/news/10594358/valle-del-sol-provides-notification-of-data-security-incident
  4. https://www.turkestrauss.com/2022/10/12/valle-del-sol-data-breach-investigation/
  5. https://healthitsecurity.com/news/keystone-health-data-breach-impacts-phi-of-235k-individuals
  6. https://www.hipaanswers.com/over-70000-patient-records-exposed-in-valle-del-sol-community-cyberattack/
  7. https://www.einnews.com/pr_news/594448085/valle-del-sol-provides-notification-of-data-security-incident
  8. http://www.aclu.org/cases/valle-del-sol-v-whiting-et-al
  9. https://apps.web.maine.gov/online/aeviewer/ME/40/37e91787-6744-4dbf-bccf-d0bdd4bb75fc.shtml
  10. https://stacker.com/arizona/biggest-health-care-data-breaches-you-should-know-about-arizona
  11. https://casetext.com/case/valle-del-sol-inc-v-whiting-3
Breach Submission Date Oct 05, 2022
Converted Entity Name Valle del Sol, Inc.
Converted Entity Type Healthcare Provider
State AZ
Individuals Affected 70,268
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes