Associated Incidents
Technology service provider Serviceaide said that a data security incident caused by a misconfigured database last year compromised the sensitive personal information of over 480,000 patients affiliated with Catholic Health.
Headquartered in San Jose, California, Serviceaide provides digital services and information technology support management for its clients including Catholic Health.
In a data security incident notice published on its website, Serviceaide said that on November 15, it discovered confidential information from its Catholic Health Elasticsearch database had been unintentionally exposed to the public.
Serviceaide immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to promptly secure the exposed database.
"The investigation determined that between September 19, 2024 and November 5, 2024, certain patient information was publicly available. Please note, the investigation did not identify any evidence that information was copied, but we are unable to rule out this type of activity," Serviceaide said.
The compromised data included names, Social Security numbers, dates of birth, medical record numbers, patient account numbers, medical information, health insurance information, prescription & treatment information, clinical information, provider names, provider locations, and email/usernames and passwords.
The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights where Serviceaide said it has identified at least 483,126 individuals impacted by the incident.
While Serviceaide found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.
It has also offered one year of complimentary identity protection and credit monitoring services to all affected individuals.