Medical Data At Risk After Storage Device Was Stolen From Employee’s Vehicle

The first of December, an employee of Kaiser Permanente Northern California found that an external drive from their place of employment was stolen for their vehicle. The information on this drive was not password protected or encrypted, and included the personal medical data of approximately 15,000 of the hospital’s patients.

This information did not, however, include Social Security numbers or financial information, which lessens the risk that this data can be used for identity theft purposes. There has been no record of misuse of this information at this point in time, but there is still a risk that the information can be used incorrectly.

The employee who had the data stored in their vehicle was fired because the employee had stored personal data on the drive and did not protect the information according to Kaiser’s employee policies and rules.

The patients of Kaiser Permanente were notified by mail of the incident, but they state that there should be not further action taken by patients, although placing fraud alerts and signing up for identity theft protection is always a step one should take to protect their financial information.