CYBERATTACK: Oak Valley Hospital Data Stolen, Harder Demands More Protections for Patients

WASHINGTON – Today, Representative Josh Harder (CA-9) is demanding more protections for patients and their private medical information following a recent data breach at Oak Valley Hospital District. An undisclosed number of families had their sensitive information stolen and now are at risk of becoming victims of identity theft. It sometimes takes years for people to figure out their identities have been stolen and these types of incidents can require credit score monitoring and other protections indefinitely. Rep. Harder is calling on the Secretary of Health and Human Services (HHS) to increase cybersecurity resources for small and mid-size hospitals so they can keep patient records safe.

“It’s terrifying that families had their private data and medical information stolen. Cyber thieves are getting rich off of stealing our data and we can’t let them get away with it,” said Rep. Harder. “That’s why I’m pushing to get our small and rural hospitals more help to stop cyberattacks. Anyone who believes their information may have been stolen in this data breach should receive a notification from the hospital with details and next steps. If you have been the victim of identity theft, resources are available at IdentityTheft.gov.”

The attack at Oak Valley Hospital District is part of a disturbing and growing trend – across the country, there were more than 220 cyberattacks on hospitals in the first half of this year. That represents an increase of more than 400% since 2022. Many San Joaquin County residents are patients at the hospital in Oakdale, which announced its investigation into this security incident last month, days before a separate ransomware attack on a California-based health care system disrupted health services across multiple states. The hospital said that stolen files included patient names, health insurance information, and other health care details. The Social Security numbers of some patients may also have been accessed. Oak Valley says they are in the process of contacting patients who were affected. Anyone who thinks they might be the victim of identity theft should visit IdentityTheft.gov for more resources.

Read the letter HERE or below:

Dear Secretary Becerra,

I write today to urge you to help small and rural hospitals invest in robust cybersecurity protections.

More than 220 cyberattacks have been reported over the first half of 2023, impacting more than 36 million Americans. One of these cyberattacks targeted a hospital in Oakdale, California that serves my constituents. As you know, successful cyberattacks can shut down critical I.T. systems, disrupt emergency services, and impede patient care. These hacks also endanger patient safety by exposing personal health data and private information thefts to attackers, who use this information to commit identity theft and unlawfully seek medical services.

With numerous access points, aging cybersecurity systems, and a large database of sensitive patient health information, the health care industry continues to be a highly vulnerable target. The frequency of cyberattacks will keep rising, and institutions will need to make massive investments into cybersecurity. Smaller, rural hospitals, like the ones that serve my constituents, simply do not have the money to make this sort of investment. If we intend to treat cyberattacks as the patient safety issue that it is, the federal government must help smaller institutions invest in cybersecurity technology. I urge you to consider all measures, including grant programs, financial incentives, and additional technical assistance to remove this financial burden. 

I appreciate your attention to this issue.

Sincerely,

Josh Harder

Member of Congress

###