Skip to main content
Back
San Juan Medical Center

San Juan Medical Center Data Breach (2020)

San Juan Medical Center

lowVERIS
Disclosed

September 7, 2020

2027 days ago

Records

500

Confirmed

Root Cause

Hacking

Industry

Healthcare

Description

FARMINGTON — A Farmington hospital has reported a data breach to its network in Fall 2020 that impacted more than 500 patients whose personal information was taken. The hospital said in a statement there is no evidence of any personal information being misused from the data breach. San Juan Regional Medical Center sent out letters dated June 4 to patients stating a “recent data security incident” may have involved their personal information. San Juan County COVID-19 vaccine tracker:45% of people fully vaccinated The letter states on Sept. 8, 2020, the hospital identified unauthorized access to its computer network. Patient account numbers, medical record numbers and medical diagnosis/medical treatment information was obtained. “San Juan Regional Medical Center is committed to maintaining the privacy of personal information in their possession and have taken many precautions to safeguard it,” the hospital said in an emailed statement. The impacted information of more than 500 patients included: Names Dates of birth Social Security numbers Driver’s license numbers Financial account numbers Health insurance information Medical information The information was taken from billing records or documents related to billing. The hospital’s electronic medical record system was not impacted. Those billing records sometimes contain information tied to a patient’s treatment or medical diagnosis. The patient account number is an internal number that is used to match a patient with billing services. To date, we have no evidence that any of the personal information has been misused. The notification letters were sent to make individuals aware of the incident and provide guidance on what individuals can do to further protect themselves,” the hospital said in a statement. More:State agency reports positive economic news for San Juan County A third-party cybersecurity team of professionals investigated and completed an analysis of the attack. It was determined an “unauthorized individual” removed information from the network on Sept. 7 and 8, according to the letter.