Cyber Incident Victim: Hospice of San Joaquin

On July 2, 2019, Hospice of San Joaquin experienced a ransomware attack compromising its servers. The organization notified the California Attorney General’s Office about the breach, with CEO Rebecca Burnett signing the disclosure. Malicious software accessed servers containing sensitive patient information, including full names, patient ID numbers, diagnoses, and home addresses. The hospice explicitly stated donor and vendor data remained unaffected by the incident. While confirming unauthorized access to protected health information (PHI), the organization asserted no evidence indicated misuse, dissemination, or disclosure of the compromised data to unauthorized third parties. The public disclosure occurred on August 21, 2019, through a breach notice lacking technical specifics about the ransomware variant or initial attack vector.

Hospice of San Joaquin did not disclose whether it paid ransom demands or detailed its data restoration process. The notification omitted critical details including the number of affected patients, whether families’ personal information was exposed beyond patient PHI, and the operational impact on hospice services. No information was provided regarding containment measures, forensic investigations, or system recovery timelines. The organization’s communication focused exclusively on confirming the breach’s occurrence and the categories of potentially exposed data while emphasizing their belief in the integrity of the compromised information despite the encryption event. Public reporting highlighted significant unresolved questions about the attack’s scope and the hospice’s incident response actions beyond mandatory regulatory notification.