The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hackers Compromised Sharp HealthCare Web Server and Stole Patient Data

Sharp HealthCare in San Diego has recently notified almost 63,000 patients that some of their personal and protected health information has potentially been stolen in a recent cyberattack on its web server. Sharp HealthCare detected the cyberattack on January 12, 2023, and immediately shut down the web server while the incident was investigated. A third-party digital forensics company was engaged to investigate and determine the nature and scope of the incident and confirmed that an unauthorized third party successfully compromised the web server that powered the sharp.com website for a few hours on January 12. During that time the third party downloaded a file that contained patient data.

Sharp HealthCare stressed that the FollowMyHealth patient portal was not accessed, and no highly sensitive information was exposed or stolen. No financial information, contact information, dates of birth, Social Security numbers, health insurance information, or medical information was accessed or stolen in the attack. The affected individuals had previously visited the website and paid medical bills online between August 12, 2021, and January 12, 2023. Sharp HealthCare said the information in the stolen file varied from patient to patient and included names, internal identification numbers, invoice numbers, payment amounts, and the names of the Sharp HealthCare facilities that received those payments.

Notification letters were sent to the 62,777 affected individuals on February 3, 2023. Credit monitoring services are not being offered due to the limited nature of the stolen information. Sharp HealthCare said no reports of actual or attempted misuse of patient data have been received and that, as a precaution, affected individuals should review the statements they receive from their healthcare providers and should report any charges for healthcare services that have not been received. Sharp HealthCare said it has upgraded the security tools on its website to prevent similar breaches in the future and constantly monitors its IT systems for suspicious activity.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
