Stolen laptops contain medical info on 185,000 patients

A San Jose, Calif., medical group acknowledged that two computers stolen from the organization's offices contained sensitive information on some of the group's patients, including social security numbers and confidential medical information on 185,000 people.

The computers were taken from behind locked doors at the administrative offices of the San Jose Medical Group on March 28, after thieves broke through the doors, according to a statement posted on the group's Web page. News of the theft comes just a week after news of a similar incident at the University of California at Berkeley , that resulted in the loss of personal information on 98,000 graduate students and applicants to the University.

A police investigation into the San Jose theft is ongoing and the group is cooperating with law enforcement to find the thieves. The group has also alerted the three major credit card bureaus and said there is no evidence that any of the stolen information has been used for identity theft. Patients whose information was on the computers should place a fraud alert on their credit files, according to the statement.

Two Dell computers were taken from a locked area of the organization's computer room between 1 a.m. and 5 a.m. Pacific Time, according to Dr. Dean Didech, chief medical officer at the physician-owned group in San Jose.

The computers that were taken were new and contained medical billing codes and Social Security numbers for the group's patients, but not complete medical records, Didech said.

The theft was the first such experienced by the group. Still, San Jose Medical Group is asking the landlord of the building that houses its administrative headquarters in San Jose to beef up security at the building by installing surveillance cameras at entry points and an alarm system, Didech said.

In the meantime, the group's staff is trying to stay on top of a flood of phone calls from patients who have received letters and need help navigating the credit bureaus and obtaining copies of their credit reports, he said.

"We're doing what we can," Didech said.

The similar theft at University of California at Berkeley, occurred after thieves walked off with a laptop computer from a restricted area of the graduate division offices, on March 11. That theft happened during the day while the laptop was left unattended.

The incident at San Jose Medical Group was reported to police and the public in accordance with California's State Law SB 1386, which requires that organizations make reasonable efforts to contact individuals affected by data theft.

In its statement, the San Jose Medical Group said it is committed to protecting the privacy and security of personal and medical information, but that "it is difficult to fully protect against burglaries and thefts."

The IDG News Service is a Network World affiliate.