[ISN] Patient IDs stolen in computer thefts

InfoSec News isn at c4i.org
Mon Apr 11 05:25:25 EDT 2005


http://sanjose.bizjournals.com/sanjose/stories/2005/04/04/daily47.html

Robert Mullins 
April 8, 2005

San Jose Medical Group has changed computer security procedures in the
wake of a burglary in which computers storing personal data about
patients were stolen.

The medical group, an organization of more than 200 doctors who
practice at Silicon Valley hospitals and clinics, was deluged with
telephone calls Friday from patients who received a letter from the
group the day before that the computer theft could make them a victim
of identity theft.

It mailed notices to 185,000 patients informing them of the theft and
encouraging them to contact any one of three credit bureaus in the
U.S. in case someone tries to obtain a credit card in their name. The
notice is required under California law.

Burglars broke into the medical group's offices at 400 Race St., San
Jose, March 28 and stole two computers that were in a room whose
locked doors were forced open. The computers stored names, addresses,
Social Security numbers and confidential medical information about
patients.

They were the only computers in the organization that contained this
personal data, which was being stored on them as part of an audit,
said Dr. Dean Didech, chief medical officer.

"We have changed security issues with regard to what we do with
computers that handle such information," Mr. Didech said.

The medical group has received hundreds of calls from patients with
questions about the notice.

Patients have been advised to contact one of the credit bureaus to
have a "fraud alert" placed on their credit file, which would warn
creditors that the named person may be a victim of identity theft. A
fraud alert filed with one bureau is shared with the other two.  
Patients also can receive a copy of their credit report at no charge.

"When you receive your credit reports, look the papers over
carefully," wrote Ernie Wallerstein, chief executive officer of San
Jose Medical group, in the letter mailed to patients and also handed
out to people visiting clinic sites Friday. "Look for accounts that
you did not open. Look for inquiries from creditors that you did not
initiate. Look for personal information such as a home address or
Social Security number that is not accurate."

Patients can contact the credit bureaus by phone or online:

Experian: 888-397-3742            www.experian.com
Equifax: 888-766-0008             www.equifax.com
TransUnion Corp.: 800-680-7289    www.transunion.com





More information about the ISN mailing list