Stolen thumb drive contained five years of data on nearly 34K Calif. patients

Share this article:

Nearly 34,000 patients who received X-ray services at California-based Redwood Regional Medical Group are being notified that their personal information was on a thumb drive that was stolen from an employee's locker.

How many victims? 33,702. 

What type of personal information? Names, dates of birth, genders, medical record numbers, dates and times of service, areas of body X-rayed, X-ray technologist names, and radiation levels required to produce the X-ray.

What happened? A thumb drive containing the data was stolen from an employee's locker.

What was the response? The incident was reported to officials and law enforcement, and an investigation is ongoing. Redwood Regional Medical Group is implementing new procedures, such as adding security personnel and an alarm system, as well as changing protocols for handling data. All impacted individuals are being notified, and offered free access to credit monitoring and identity theft protection services.

Details: The thumb drive was stolen on June 2 from an unlocked employee locker. The data related to patients who received X-ray services from Feb. 2, 2009, to May 13.

Source:, The Press Democrat, “Health records of nearly 34,000 patients stolen from Santa Rosa office,” June 11, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.