Tri-City Medical Center, a San Diego medical center, recently announced a large data breach.
What happened
On October 11th, Tri-City Medical Center began notifying individuals of a data breach the organization had experienced on November 8th, 2023.
Tri-City is a large public hospital in California with over 500 physicians.
According to their data breach notice, Tri-City first detected suspicious activity on November 9th, 2023. Upon discovery, the hospital immediately opened an investigation into the incident, which determined that the network had been attacked the day prior.
The investigation concluded on September 27th, 2024, and determined that individuals had their data accessed to various degrees.
According to the investigation, accessed information may have included patient names, addresses, dates of birth, Social Security numbers, medical information, health insurance information, and treatment costs.
It’s estimated that the breach impacted 108,000 individuals.
What’s next
Tri-City said it has begun providing written notice to individuals for whom it has an address. The organization has also notified law enforcement that it has " implemented additional security measures to further minimize the risk of a similar incident occurring in the future.”
Tri-City says it currently has no reason to believe the information has been misused, but is providing access to credit monitoring.
The big picture
Every breach, no matter how small, can impact patients and organizations.
For patients, data breaches can lead to increased spam calls, emails, and texts. While this is a nuisance, breaches can also have a bigger impact if a victim’s identity is stolen. In these cases, criminals may be able to access bank accounts, credit cards, driving records, and more. As a result, victims may have their bank accounts drained, have incorrect medical records, and be forced to deal with other consequences.
Organizations can also face challenging repercussions from breaches. The costs of investigating, notifying, and improving security alone can be significant. Some hospitals have even closed down following a data breach incident. Breaches force hospitals to quickly repair their security systems, all while responding to an active incident, alerting victims, and facing intense scrutiny from the government and the public. It’s common for breaches to result in class action lawsuits, which can further impact a hospital’s financial state.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
