Open Accessibility Menu
Hide
Salinas
Emergency Room
Urgent Care Locations Near You
URGENT CARE / ER CHECK-IN

Notice of data breach

  • Category: News
  • Posted On:
Notice of data breach

Notice to patients and employees: Certain SVMHS e-mail accounts were affected by a security incident. Learn more.

At Salinas Valley Memorial Healthcare System (SVMHS), we understand that the confidentiality and security of medical and personal information is critically important, and we are committed to protecting it. The purpose of this post is to notify patients and employees of a recent cyber incident that affected SVMHS and may have resulted in a compromise of certain emails containing medical or personal information.

What Happened

On April 30, 2020, SVMHS determined that the email account of one of its employees had been compromised. On May 7, 2020 and June 5, 2020 respectively, SVMHS subsequently determined that email accounts of a contractor and three other employees were also compromised. These five email accounts were compromised through Outlook Web Access, SVMHS’s browser-based email access solution.

Based on our review of the emails within the compromised inboxes, we determined that certain emails containing personal information was present in one of the inboxes. Our investigation to date has suggested, however, that the unauthorized person(s) only had access to the inboxes for a matter of hours before we disabled access to the accounts. We also have no evidence at this time to suggest that the unauthorized person(s) viewed, retrieved or copied any medical or personal information. Nonetheless, as a precaution, SVMHS has sent letters by mail to patients and employees whose personal information may have been in the compromised inboxes.

What Information Was Involved

The personal information in the inboxes affected included names, hospital account numbers, medical record numbers, and information such as service location and attending physician’s information. The personal information in the inboxes affected did not include social security, driver’s license or bank account numbers.

What We Are Doing

We disabled access and then reset the passwords to the affected email accounts. We have also taken other steps to try to prevent similar incidents in the future. As an extra precautionary measure, SVMHS has provided potentially affected individuals with access to identity theft protection services for one year at no charge. Instructions for enrolling in credit monitoring were included in the notification letters and can also be obtained by calling the toll-free number listed below.

What You Can Do

SVMHS advises patients and employees to remain vigilant by regularly reviewing their account statements, monitoring free credit reports, and reporting to their financial institutions any suspicious activity. Patients and employees may obtain a free copy of their credit report online at www.annualcreditreport.com, by calling toll-free (877) 322-8228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.

For More Information

SVMHS has made available a toll-free number for patients and employees to call if they have any questions or wish to obtain additional information, (855) 347-6555. The hotline operating hours are from 6am to 6pm PST, Monday through Friday, and 8am to 5pm PST, Saturday and Sunday, excluding major holidays.

SVMHS takes the confidentiality and security of medical and personal information very seriously and will continue to take steps to prevent a similar incident from occurring in the future.