Kaiser Permanente mailed letters this week to 160,000 of its Northern California-based HMO subscribers, informing them that a laptop containing their personal information, including their phone numbers and Kaiser numbers, had been stolen.
The data was being used to market Hearing Aid Services to 160,000 Health Plan members in Northern California, though the person who tipped Wired News to the story has no history of hearing problems.
No social security numbers were on the laptop, which was stolen sometime in late June from a "secure office" in the Permanente Medical Group Business Development Group, according to a Kaiser spokeswoman and a member represent answering a toll free number for Kaiser members.
The letter suggested that the risk may be limited, as the laptop required a user name and password, but made no mention of encryption.
The Oakland Police Department is investigating, according to a written statement released Thursday night.
"We believe it was a random and isolated crime," the statement read, in part. "We apologize to all patients affected by this unfortunate incident and we regret that it occurred. We take protecting the privacy and security of our members' personal medical information seriously, and are taking appropriate actions to further guard against future such incidents."
A Kaiser spokesperson was unable to provide any more information immediately.
It's unclear whether the letters were required by California's disclosure law or federal medical privacy rules, known as HIPAA.
California's rule (.pdf) generally only requires disclosure when a person's financial information, such a social security number, credit card number, or debit number-and-PIN are acquired by an unauthorized person.
Those who have questions can call 1-866-453 3934, from 7 a.m. to 7 p.m PST, and have the right to put fraud alerts on their credit reports.