Patient info may have been revealed in Saint Alphonsus cyberattack

Saint Alphonsus Medical Center-Ontario is pictured in September of 2019.


A regional health system with four main hospitals which serve more than 30 million people across 22 states is alerting its patients about a cyberattack in which it is believed patients’ personal information may have been compromised.

According to a news release from Saint Alphonsus Health System on Thursday afternoon, Trinity Health and Saint Alphonsus, say an employee email account “may have been subject to unauthorized access between Jan. 4 and Jan. 6.” As soon as the activity was noticed, the email account was secured and other measures were taken, according to the release. Those measures included re-training employees in an effort to avoid being involved in future cyberattacks.

Through further investigation, officials were “unable to specifically determine what, if any, emails may have been viewed during the timeframe,” however the following type of information may have been available: “Patients’ full name, address, telephone number, date of birth, email, and medical information such as medical record number, treatment information and billing information,” reads the release. “In some cases, social security numbers may also have been accessible.”

Officials believe this was an isolated incident and that there was no misuse of information within the account, however, patient security remains a high priority.

As such, “out of an abundance of caution, credit monitoring and an information call center are being offered to all affected patients,” states the release. Additionally, the entities have started notifying individual patients about the incident per federal regulations.

“Trinity Health and Saint Alphonsus are committed to protecting health information of all our patients through significant investments in a strong security program that includes a dedicated cybersecurity team, 24/7/365 monitoring and testing of security controls,” concludes the release.

When the newspaper requested more information, including the location of the facility where the email was compromised and why two months passed before the public was notified, a spokesperson directed us to a ‘Privacy Incident Details’ page located at the bottom of the website in red letters. The information requested is not included on that page.

Load comments