California-based Salinas Valley Memorial Healthcare System (SVMHS) has notified patients and employees of a cyber-attack potentially compromising their personal data.
Salinas Valley Memorial Healthcare System Reports Email Hack
1 min read Premium comments
Secondary#cyberattacks#salinasvalleymemorialhealthcaresystem
In April 2020, SVMHS detected that an employee’s email account had been compromised. Over the next two months, four other email accounts were exposed, three belonging to employees and one belonging to a contractor. Its investigation revealed that the unauthorized person(s) only had access to the inboxes for a few hours.
In response, SVMHS disabled access and reset passwords to the compromised email accounts. SVMHS indicated it was taking other preventative measures but did not provide specific details in its notice to patients and employees.
The hospital sent letters to notify its employees and patients that exposed information may have included: names, hospital account numbers, medical record numbers, service location, and attending physician’s information. In its notice, SVMHS explicitly stated that the personal data did not include social security numbers, driver’s license numbers, or bank account numbers.
SVMHS does not have any evidence at this time that the “unauthorized person(s) viewed, retrieved or copied any medical or personal information.” However, it is still providing potentially affected individuals the option to enroll in a year of identity theft protection services for free.
Founded in 1953, SVMHS serves individuals throughout Monterey County. It has over 300 physicians and more than 1,800 employees. Its broad service offerings include orthopedic surgeries such as total joint replacements, anterior cruciate ligament (ACL) reconstruction, and spinal surgery.
Data continues to be vulnerable as reports of data breaches become more commonplace. Healthcare data breaches of 500 or more records are reported to the Department of Health and Human Services. The Office for Civil Rights is currently investigating 45 California data breaches from the past 24 months.
For OTW’s recent coverage of data breach issues, see “Ozark Orthopaedics Data Breach Exposes Over 15,000 Patients” and “Victims Can Sue Ortho Clinics if Data Hacked.”
React:
Discussion
This is a fascinating development. In my practice we've seen similar outcomes with the revised protocol. The key differentiator seems to be patient selection criteria. Has anyone else noticed the correlation with BMI thresholds?
Great point. I'd push back slightly on the conclusion, the sample size in the cited study is too small to draw population-level inferences. That said, the directional signal is compelling and worth a larger RCT.
We implemented a similar approach last year. Early results are promising but we're still gathering 12-month follow-up data. Happy to share our protocol if anyone is interested.
Join the conversation
Orthopedic professionals are discussing this. Sign in and upgrade to read every comment and add your voice.