St. Luke’s Health Suffers Third-Party Data Breach, Unrelated to CommonSpirit Attack

November 03, 2022 - Texas-based St. Luke’s Health notified 16,906 individuals of a third-party data breach that impacted Adelanto Healthcare Ventures (AHCV), a consulting services vendor. The breach is unrelated to the October ransomware attack at St. Luke’s Health’s parent company, CommonSpirit Health, which impacted multiple facilities, including St. Luke’s.

In a recent notice to patients, St Luke’s Health explained that AHCV discovered that two of its employee email accounts were compromised by a third party on November 5, 2021.

“An initial investigation by AHCV indicated that no protected health information had been exposed,” the notice explained.

“However, after further review, AHCV determined that the compromised email accounts contained St. Luke’s Health protected health information and notified St. Luke’s Health of its new findings on September 1, 2022.”

The data involved in the incident included names, dates of birth, addresses, Social Security numbers, dates of service, Medicaid numbers, medical record numbers, and limited clinical information.

AHCV has since implemented additional security controls and has found no indication that data was misused as a result of the incident.

“We apologize for this event that occurred with one of our vendors, and regret any concern that this issue may have caused,” the notice stated.