St. Joseph Health System

Under Review: 
No Review
Date Breach Made Public: 
February 15, 2012
United States
California US

Patients from the California hospitals St. Jude Medical Center, Mission Hospital, Santa Rosa Memorial Hospital, Petaluma Valley Hospital, and Queen of the Valley were affected. No single California city is listed as the breach location.

Records Breached: 

31,800 (No SSNs or financial information reported)

Breach Total Number: 
Year of Breach: 
Type of organization: 
Type of breach: 

Protected patient information may have been available on the internet for one year.  A patient's attorney contacted St. Jude officials to inform them that the information was available online. The patient health records included names, body mass index, blood pressure, lab results, smoking status, diagnoses lists, medication allergies, and demographic information such as gender, date of birth, language spoken, ethnicity, and race.  The information was removed from online and co no longer be accessed by unauthorized parties.  A total of 6,235 patients from Santa Rosa Memorial Hospital, two from Petaluma Valley Hospital, 4,263 from Queen of the Valley in Napa, and an unknown number of patients from St. Jude Medical Center in Fullerton, and Mission Hospitals in Laguna Beach and Mission Viejo were affected.

UPDATE (07/10/2012): The California Department of Public Health was still investigating Queen of the Valley Medical Center as of July 10, 2012.  Additionally, two patients who were treated at Santa Rosa Memorial Hospital, filed a class action lawsuit on behalf of the 31,800 patients who were affected.  They seek $31.8 million, or $1,000 per patient.