Posted On January 16, 2023 Consumer Privacy & Data Breaches
January 16, 2023 – Hayward Sisters Hospital, doing business as St. Rose Hospital, filed a notice of data breach on January 12, 2023 with the California Attorney General’s office after discovering that confidential patient information had been accessed and removed from the hospital’s computer system. According to the filing, patient information that was accessed included full names, dates of birth, home addresses, Social Security numbers, and email addresses. Once the leak was confirmed, St. Rose sent out notification letters to all individuals affected by it.
Data breach lawyers at Console & Associates, P.C. are actively investigating the data breach at St. Rose Hospital. If you have received a breach notification, your information may not be in the hands of those looking to commit identity theft or fraud. We are offering free consultations to all those who want to learn about their next steps, what they can do to protect themselves in the future, and whether St. Rose can be held financially liable for damages caused by the breach. If you recently received a NOTICE OF DATA BREACH from COMPANY, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
St. Rose Hospital is a community hospital that provides emergency care, orthopedic, cardiology, surgery, and rehabilitation services. Originally founded in 1953 in Hayward, California, St. Rose Hospital now has 217 beds, including a 17-bed Family Birthing, and delivers an average of 1,300 babies annually. The hospital employs more than 522 people and generates approximately $100 million in revenue annually.
The information provided is from St. Rose Hospital’s filing with the California Attorney General. According to the filing, St. Rose discovered suspicious activity on the hospital’s computer network. As a result, the hospital launched an investigation into the security incident to determine what, if any, information had been leaked with the help of forensic specialists.
After confirming that there had been an incident of unauthorized access on November 18, 2022, St. Rose Hospital reviewed the files and determined that patients’ full names, dates of birth, home addresses, Social Security numbers, and email addresses were leaked.
On January 12, 2023, St. Rose Hospital sent out letters to all individuals whose sensitive information had been compromised.
St. Rose Hospital can also be considered a victim of the breach because hackers gained unauthorized access to the hospital’s computer system and leaked the information. But they were also the ones responsible for securing your information. People wouldn’t give a second thought to giving sensitive information to a hospital, trusting them to ensure its security. However, hackers were able to access it. If during the course of the investigation, it is discovered that St. Rose Hospital was negligent in securing your information, they could be held financially responsible for any damages incurred as a result of the attack.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the St. Rose Hospital data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent out to affected individuals:
Hayward Sisters Hospital d/b/a St. Rose Hospital (“St. Rose Hospital”) is writing to supplement the December 29, 2022, preliminary notice that you received regarding an incident that occurred on our systems which has impacted the privacy of some of your personal information. We sincerely apologize that this incident occurred, and are providing you with information about the incident, our response to it, and resources we are making available to you to help protect your information, should you wish to do so.
What Happened? On or around November 29, 2022, St. Rose Hospital discovered suspicious activity on our computer systems. In response, we immediately took steps to secure our systems and initiated an investigation into the nature and scope of the event with the assistance of third-party computer forensic specialists. The investigation determined that an unknown actor gained access to certain computer systems on our network and acquired certain files from those systems on or about November 18, 2022. We identified the affected files and conducted a thorough review of the files in order to identify whether any personal information is contained therein and to whom that information relates. Although our investigation to determine the full extent of information that is contained in the affected files is ongoing, our review has determined that the affected files contained personal information relating to you.
What Information Was Involved? Our review determined that the following types of information may have been present in the affected files that were accessed and acquired by the unauthorized actor: your name, Social Security number, date of birth, e-mail address, and home address. Although there is no evidence that your information was actually viewed by the unauthorized actor, we are unable to rule out this possibility. At this time, we are not aware of any actual or attempted fraudulent misuse of your information as a result of this incident. If after our further investigation we identify any additional information relating to you we will supplement this notice to inform you of the additional information.
What We Are Doing. The confidentiality, privacy, and security of personal information is among St. Rose Hospital’s highest priorities, and we have strict security measures in place to protect information in our care. Upon becoming aware of this incident, we immediately took steps to secure our systems and perform a full investigation. We have implemented additional security measures to further protect against similar incidents moving forward. Federal law enforcement is aware of this incident, and we are cooperating with their investigation.
Additionally, we are offering credit monitoring and identity theft protection services for 12 months through Experian, at no cost to you. The deadline to enroll in these services is January 31, 2024. Please note that you will not be automatically enrolled in these services. Should you wish to do so, you will need to enroll yourself in these services, as we are not able to do so on your behalf. You may find instructions on how to enroll in these services in the enclosed Steps You Can Take to Help Protect Personal Information.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors. You may also review the information contained in the enclosed Steps You Can Take to Help Protect Personal Information. There you will also find more information on the complimentary credit monitoring and identity theft protection services we are making available to you.
For More Information. We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions or need assistance, please call our dedicated assistance line at (833) 420-2863 between the hours of 6:00 a.m. to 8:00 p.m. Pacific time, Monday through Friday, or 8:00 a.m. to 5:00 p.m. Pacific time, Saturday and Sunday. This excludes all major U.S. holidays. Please be prepared to provide an engagement number [Redacted]. You may also write to St. Rose Hospital at 27200 Calaroga Avenue, Hayward, CA 94545.
We sincerely regret any inconvenience or concern this incident may cause you. Protecting your information is very important to us, and we remain committed to safeguarding the information in our care.