The following is Castro Valley Health’s notification. It sounds like they may make learned about this�years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. June 5 — Castro valley Health, Inc. has become aware of a data security incident that may have involved some personal information of former patients. Castro Valley Health is sending notifications to the potentially involved individuals to notify them of this incident and provide resources to assist them. Below is a copy of the notification: Castro Valley Health takes the concealment and tribute of your personal information very seriously. We are authorship to inform you of a recent data certificate incident that may experience involved some personal information. Please review the info provided in this letter for steps that you may take to protect yourself against any potential misuse of your information. If after reading this letter you uphold to have questions or concerns, you may call the toll-free number at the bottom of this letter during habitue business hours. What Happened: The incident occurred when certain information about Castro valley Health patients inadvertently was transferred during 2016-2017 to a third-party website called Docker Hub. Castro Valley Health first became aware of this incident on april 21, 2020, and promptly removed the information from the Docker Hub site. The transferred information was heavily coded and therefore not readable without significant decoding. What Information Was Involved: The information that was transferred to the Docker Hub site included: patient names, an submission that said �Start of care – admission Visits,� the nominate of the nurse, physical therapist, or speech therapist who admitted the patient, the address at which the patient visit was to occur, the patient�s appointment of birth, medical register number, and the scratch of attention date. What information Was NOT Involved: The information did not include Social Security numbers, driver�license numbers, tax id numbers or cant account information. Importantly, the info also did not include clinical or diagnostic information, notes, plans or orders. Castro valley Health Response: Castro Valley health began investigating the incident immediately after learning of it. We make no info at this time indicating anyone has used any of the patient information from the Docker Hub website, or that anyone other than the individual who alerted the department of Health and Human Services to the situation ever has viewed the information. We are taking extra steps in addition to our existing policies to precaution your information, including renewed preparation and employee orientation, conducting additional internal security audits and risk assessments and enhancing our policies and procedures. Additional Steps You May wish To Take: Steps you may wishing to take include: get current copies of your medical records from your healthcare providers and medical insurer and brushup them for any incorrect personal information or unauthorized treatments, procedures or prescriptions; monitor any medical notices and activity on your accounts; and Place�fraud alerts or credit freezes�on your accounts to prevent or discourage you if anyone without your authorization tries to open an account in your name. You can check your credit reports at�annualcreditreport.com from any one of the three major credit bureaus � Equifax, Experian, and TransUnion � and place a dupery alert on your credit report. Their impinging information is below: Equifax: 1-888-548-7878 TransUnion: 1-800-916-8800 Experian: 1-888-397-3742 If you have reason to believe that your Medicare or Medicaid info is being improperly used,�report that online�or call 800-HHS-TIPS. For More Information: We sincerely excuse for this incident and regret any inconvenience it may cause you. Should you hold questions or concerns regarding this matter, please call 1-888-688-2497 toll-free during regular business. Source: Castro valley health via GlobalNewsWire
