The San Francisco Department of Public Health on Friday informed 895 patients of a security breach involving personal information handled by a third-party medical transcription service. Officials added that there was no evidence that any personal information had been used for any purpose.
The transcriptions covered visits to the San Francisco Health Network, the Health Department’s system of hospitals and clinics.
Patients were seen at Zuckerberg San Francisco General Hospital or Laguna Honda Hospital.
The breach took place at Nuance Communications, a Massachusetts-based company contracted to provide medical transcription services. The information was accessed last year from Nov. 20 to Dec. 9.
“Notification to patients was delayed at the request of the FBI and the U.S. Department of Justice, pending their criminal investigation into the incident,” health officials said. “The investigation determined that a former Nuance employee breached Nuance’s servers and accessed the personal information of thousands of individuals from several contracted clients, including the San Francisco Department of Public Health.”
The Justice Department said that it does not appear that any of the information taken was used or sold for any purpose. All the data has been recovered from the former employee.
The information accessed include personal data such as name, date of birth, medical record number, patient number, and information dictated by the provider such as patient condition, assessment, diagnosis, treatment, care plan and date of service.
The incident did not include information such as social security number, driver's License number or financial account numbers.
“The San Francisco Department of Public Health is committed to maintain the privacy of our patients and takes its responsibility to address privacy incidents seriously,” said Roland Pickens, Director of the San Francisco Health Network. “We sincerely apologize for any inconvenience or concern that this situation may cause. All of our vendors are required to attest to the protection of patient privacy, as part of their contract, and we continue to audit and improve upon that process.”
San Francisco Health Network patients with questions can contact the Health Department’s Privacy Office toll free at (855)-729-6040 and reference “Nuance” or #2017-122 in the message.