NewsLocal News

Actions

Cyber security expert weighs in on Sharp HealthCare data breach

Sharp said nearly 63,000 patients were impacted
Sharp HealthCare sign
Posted

SAN DIEGO (KGTV) - Sean Curry, who had his and his wife’s information compromised in 2021 with the Scripps Health hack, reflected on how he felt the moment they found out they were hit.

“You hear about this stuff, but when they were actually personal to you, now it’s like oh my goodness,” Curry said. “I was looking at it and they had a lot of sensitive information. Thank goodness we didn’t get affected. In other words, nobody stole anything, but it’s such a hassle.”

Now, another hospital system - Sharp HealthCare - letting nearly 63,000 patients something similar happened last month.

The healthcare provider says some patients’ personal information was compromised during a hacking attack on the computers that run its website, Sharp.com.

“It looks like they left back door open because it says someone got in,” Winnie Callahan, a cyber security expert, said.

Callahan is a cyber security expert that’s worked with the federal government and universities. She told ABC 10News that it looks like Sharp had the much-needed risk management system seeing as Sharp says it took the impacted server offline and identified the perpetrator.

But there’s one question that remains with this breach for Callahan.

“How the person got in? Was it someone that actually worked in the organization? Was it carelessness on the part of someone leaving something open and walking away from their desk? There’s any number of ways,” Callahan said.

Sharp sent letters to those impacted patients who paid bills online from August 12, 2021, to January 12, 2023, on Friday.

In a statement, Sharp HealthCare said, in part, “The information did not include bank account or credit/payment card information, Social Security numbers, contact information, health insurance information, dates of birth, clinical information, department name, provider name, or information about the services received.”

“Next to having it happen, nothing is more important than not reaching out right away,” Callahan said.

Sharp said it’s going to have a dedicated phone line open to those effected patients.

“They may just have your name. Put those alerts on and use the free services. It’s worth your time. Yes, it’s a hassle but do it. I mean it’s just peace of mind,” Curry said.