Adventist Health West reports major data breach

(Kenny Goodman)

Medical provider says data was not used for illegal activity; only clients in Tulare County affected by breach

TULARE – Adventist Health recently announced it had identified a significant data breach, exposing the information of over 70,000 people in the Tulare County region who were patients of the Adventist Health West hospital in Tulare.

The breach was discovered when Signature Performance, a third-party company that processes payments, identified unusual activity on its servers. An investigation revealed that a cyberattack had compromised information; however, Adventist Health West said in a statement that the data was not used for illegal activity. 

Kiyoshi Tomono, media relations for Adventist Health West, said the group is taking every possible step to ensure that patients whose data was compromised are informed and the group is making efforts to prevent future data attack hacks.

“Our challenge is that this is a third party contractor that was hired to do billing,” Tomono said. “They have taken steps to shore up their process, but the data breach was all on their side. Since these were our patients, we have to make sure that we do right by them and informing them.”

According to the statement released by Adventist Health, Signature Performance will be contacting the individuals whose data was compromised. They said that each case involves different data, which could involve a number of different data points that could include names, addresses or other information.

Signature Performance has established a dedicated support line customers can call for information about their case. The support center can be reached at 833-566-7793 between the hours of 5 a.m and 5 p.m. PST Monday through Friday. Customers whose data was impacted will also receive a letter from SIgnature Performance detailing the incident.

Currently, Adventist Health West is reporting that only customers in Tulare County were affected. Tomono said there was no evidence that any facility other than the Tulare site was compromised.

“We want to be as responsive as we can,” Tomono said. “Obviously, privacy is a huge, huge deal in healthcare and we don’t want our patients to feel like they are left out in the cold so we are trying to be as responsive as we can and support them.”

This is not the first data breach Adventist Health West has experienced. In May 2023, the medical provider reported a data breach involving a file transfer program that was attacked. In that incident, Adventist Health West announced that data included affected individuals: name; demographic information (including address, phone number, email address, gender, date of birth); relative’s name; power of attorney’s name; health insurance number; date of service; medical facility; practitioner’s name; diagnostic study identifiers such as accession number and study UID; clinical information such as treatments provided, medication information, diagnoses, diagnostic imaging reports (no diagnostic images were impacted); and patient identifiers such as medical record number.  They did not release information on the number of victims in that attack.

In July 2020, Adventist Health in Maryland was attacked through a third party company and some records were compromised. That incident involved a cyber criminal who demanded a ransom after stealing a backup file that had information about patients and donors. According to Adventist, following negotiations, the backup file was destroyed and no data was lost.

Another incident in California involved physical records that were improperly stored in a storage unit. The unit was auctioned off and the records were discovered. Adventist Health West was ordered to pay a $40,000 fine in that data breach incident by a court in Ventura County.

It is not clear what measures Adventist Health and Signature Performance are taking in the wake of the most recent data breach or when the breach was actually discovered and reported to Adventist Health West, however Tomono said the group acted swiftly after being informed of the breach to ensure patients know what had happened. Signature Performance is providing credit checks for Adventist Health West customers impacted by the data breach free of charge.

Tomono said that he believes Adventist Health West is no longer contracting with Signature Performance as a result of the data breach.

EDITOR’S NOTE: This story was updated on June 14, 2024 at 7:45 p.m. PST to clarify that the data breach impacted only Adventist Health West branch, specifically patients of a hospital located  in the Tulare, California area, and to add statements and information from Kiyoshi Tomono, the media relations person for Adventist Health West.

Start typing and press Enter to search