A California healthcare system is the latest victim of a data security breach.

This morning, Verity Health System, which operates six California hospitals, put out a terse statement that a seldom-used website for its medical foundation has been breached.

Verity Health says an unauthorized third party may have accessed personal information on about 10,000 individuals. The information, collected between 2010 and 2014, includes patient names, dates of birth, medical record numbers, addresses, e-mail addresses, phone numbers and the last four digits of credit card numbers. The information does not include Social Security numbers or full credit card information, Verity says.

On Jan. 6, Verity Health detected that an unauthorized third party accessed the Verity Medical Foundation-San Jose Medical Group website, which is no longer in use, the health system says. An internal investigation determined that the access occurred between October 2015 and January 2017. Verity next says it took steps to “secure the website, stop any further unauthorized activity and prevent similar incidents from happening in the future.”

“Verity Health System takes the security of our patients’ information seriously, and we regret that this incident occurred,” says CEO Andrei Soran.

Verity Health includes six California hospitals, the Verity Medical Foundation and Verity Physician Network. Verity says it has notified patients of the breach and offered them free credit monitoring for 12 months. Verity also says it is working with an unidentified cybersecurity firm to beef up its data and privacy security, but didn’t disclose details.

“We took immediate steps to investigate this incident, notify the affected individuals and appropriate authorities, and ensure enhanced protection of our information systems going forward,” Soran says. “We are working to further evaluate the integrity of our information systems.”

So far in 2017 there have been about dozen reported healthcare system data breaches, says the U.S. Department of Health and Human Services Office of Civil Rights. The Verity data breach is the second largest so far. On Jan. 27 WellCare Health Plans Inc. of Florida reported a data breach that impacted the personal health information of about 25,000 patients, says the Office of Civil Rights.