Trio of health data breaches rocks California patients

Three major data breaches rocking the state of California made headlines recently--one involving a computer infected with malicious software, one involving a former employee's illegal access and one involving theft of medical data from a contractor's office.

In Torrance, Calif., a total of 338,700 patients have been affected by medical data stolen from Sutherland Healthcare Solutions, a medical billing and collections company. The Los Angeles Times reports that the data was stored on eight computers taken during a February break-in, with information including patients' first and last names, Social Security numbers and certain medical and billing information. Birth dates, addresses and medical diagnoses also may have been included.

Police, the Los Angeles County district attorney's cybercrime team and the U.S. Secret Service currently are investigating the break-in, according to the Times. Three class-action lawsuits have been filed over the breach, and potentially impacted patients were offered free credit monitoring.

Further south, in Orange County, La Palma (Calif.) Intercommunity Hospital recently notified patients that their medical records may have been viewed illegally by a former employee, the Orange County Register reports. In September 2012, the hospital learned an employee accessed the following types of information without permission: Social Security numbers, driver's license numbers, addresses, birth dates and some medical information, according to a letter dated March 21 from the hospital's chief financial officer.

The hospital didn't comment on why it waited more than a year to inform patients, or whether police are on the case.

In Northern California, meanwhile, an April 3 letter from Kaiser Permanente informed patients their information was compromised when malicious software infected a Kaiser server. According to Government Health IT, some 5,100 patients were effected, and the malware sat on the computer for more than two and half years before being discovered this past February.

The information of patients who had participated in a research study was on the server, including first and last names, addresses, race/ethnicity, medical record numbers, lab results and responses to the study, according to the letter.

More than 7 million patient records were breached last year, an increase of 138 percent from 2012, according to a recent report from IT security audit firm Redspin.

The report analyzes breaches reported to the U.S. Department of Health & Human Services and identifies trends and highlights areas most in need of improvement.

To learn more:
- read the Los Angeles Times article
- read the Orange County Register article
- see the Kaiser Permanente letter (.pdf)
- read the Government Health IT article