Stolen computers contain data on 185,000 patients

Filed under
Security

A San Jose-based medical practice has notified about 185,000 current and former patients about the theft of their personal information contained on two computers stolen from its offices during a burglary March 28.

In an statement posted on its Web site today, San Jose Medical Group Management Inc. said the desktop computers were stolen from a locked administrative office during the burglary, which is being investigated by local police. The computers contained names, addresses, confidential medical information and Social Security numbers of some 185,000 current and former patients, according to the health care provider.

Mike Patel, vice president of information technology for the medical group, said that the two stolen desktop towers were recently purchased Dell PCs that were being used for year-end audits at the practice.

The data was put onto the Dell machines from secure servers so the audits could be done on local machines, he said. "We believe they were targeted for the hardware," which included fast new processors and other up-to-date components, he said.

The data included personal information about patients from the last seven years, Patel said. The practice currently has about 60,000 patients, he said.

No medical records, lab test or patient credit card or banking information was included in the data, Patel said. The records did include billing information.

The practice took seven days to begin notifying patients of the theft because of "the whole logistics" of preparing a list of 185,000 affected patients and getting a mailing out, he said.

San Jose Medical Group has alerted each of the three major credit bureaus of the incident, according to the statement. No reports have been received that any of the patient information has been used for fraudulent purposes, according to the organization. Patients were notified to contact the Equifax Inc., Experian Information Solutions Inc. and TransUnion Corp. credit-reporting agencies to place fraud alerts on their accounts in case their information is used by unauthorized persons. continued >>