
Posted On April 19, 2023 Consumer Privacy & Data Breaches

John Muir Health Data Breach Leads to Exposure of Protected Health Information for Walnut Creek Medical Center Patients

NOTICE: If you received a NOTICE OF DATA BREACH letter from John Muir Health, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

Data Breach Alert: April 19 – John Muir Health (JMH) reported a data breach to the California Attorney General on April 13, 2023, after discovering that sensitive patient information had been compromised due to an error. According to the company’s official report, as a consequence of the event, a third party gained access to the protected health information of some of the company’s customers. Once it was determined that customer information had been compromised, JMH immediately started notifying those whose personal information had been compromised.

Console & Associates, P.C., data breach lawyers, are now looking into the John Muir Health Walnut Creek Medical Center hack. If you have received a breach notice, we are happy to meet with you for free to explore your legal options and answer any questions you may have.

More Information About John Muir Health

Walnut Creek, California is home to John Muir Health, an established healthcare provider. Walnut Creek Medical Center and Concord Medical Center, two major hospitals in Contra Costa County, are both part of John Muir Health. John Muir Health’s Behavioral Health Center in Concord, California, is a 73-bed psychiatric hospital that also provides inpatient and outpatient behavioral health treatments. John Muir Health Walnut Creek Medical Center first opened its doors in 1997, and since then, it has grown to employ over 6,000 people and produce income of almost $1.3 billion annually.

Information About the John Muir Health Walnut Creek Medical Center Breach

According to the company’s filing with the California Attorney General, on July 1, 2021, a JMH Walnut Creek Medical Center employee built a website that linked to an Excel file containing patient information. The website was intended to improve internal communication around the usage of certain medical equipment. On March 22, 2023, JMH was made aware of the website and the fact that it provided access to protected patient data. Access to the website was disabled on March 24, 2023.

When JMH heard about the event, they decided to look into it. The inquiry found that between September 28, 2022 and March 23, 2023, no unauthorized parties accessed the patient data. But JMH couldn’t completely rule out hacking between July 1, 2021 and September 27, 2022.

Once John Muir Health Walnut Creek Medical Center learned that private patient information had fallen into the wrong hands, an investigation into the breach’s scope commenced. Individuals’ personal information, including protected health information, may have been compromised in this incident.

John Muir Health Walnut Creek Medical Center notified all patients whose personal information was exposed on April 13, 2023, through letters detailing the data breach.

What Can Hackers Do With My Protected Health Information?

If you get a data breach notification from John Muir Health Walnut Creek Medical Center, it implies that your personal information, possibly including protected health information, may have been disclosed to a third party without your knowledge or consent. You might be wondering what they can even do with your protected health information.

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) specifies that only certain pieces of information are exempt from disclosure. Names, birth dates, medical record numbers, account numbers, addresses, and Social Security numbers are among a total of 18 unique identifiers that are examples of protected information.

With this data in hand, hackers may commit any number of crimes or even sell it on the dark web for others to utilize. Medical identity theft refers to the fraudulent use of a person’s personal information to obtain medical services on their behalf. That might cause you to rack up medical expenses that weren’t your responsibility and can muck up your diagnostic and prescription records.

If You Have Been Affected by John Muir Health Data Breach, Console & Associates, P.C. Can Help

The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the John Muir Health data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Below is a portion of the letter sent out to affected individuals:

Dear [Redacted],

We are writing to notify you of a recent incident that involves the potential inappropriate disclosure of your individually identifiable health information (“health information”). The information did not include any financial information, such as a Social Security or credit card number.


On March 22, 2023, the John Muir Health (“JMH”) Privacy Office was notified that in an effort to facilitate more efficient communication among staff about use of certain medical devices, a staff member at the JMH Walnut Creek Medical Center (located at 1601 Ygnacio Valley Road, Walnut Creek, CA), created a website that linked to an Excel file containing patient information. The staff member did not realize that the information could have been accessible to individuals outside of JMH. The website was created and published on July 1, 2021. The website was intended to centralize key information for the department staff (e.g., vendor sites, ordering forms, and equipment information) and included a link to an external Excel file containing identifiable patient information. JMH staff used this information to reconcile vendor invoices. On March 23, 2023, the link to the Excel file was disabled by the vendor and on March 24, 2023, the website was decommissioned. JMH has confirmed that no external 3rd party viewed the patient identifiable information contained in the Excel file between the period of September 28, 2022 – March 23, 2023 (date the link was disabled by the vendor). However, because of limited audit records, JMH is unable to determine whether any external party may have accessed the information between July 1, 2021 – September 27, 2022.

File Contents – No Financial Information

Based on our review, we discovered that the file contained your name, facility, room, diagnosis/condition, and dates. The information did not include any financial information, such as a Social Security or credit card number. We have no reason to believe that this information could be used in a harmful manner, and we have no reason to believe it was viewed by anyone outside of JMH. We do, however, understand that this notice may cause you concern.

Steps You Can Take

We encourage you to always remain vigilant for fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports. If you discover any suspicious or unusual activity on your accounts or suspect fraud, be sure to report it immediately to your financial institutions. In addition, you may contact the Federal Trade Commission (“FTC”) and/or the Attorney General’s office in your home state to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft.
