Breach, Data Security, Vulnerability Management

Stolen external drive contained Kaiser Permanente patient info

An external drive containing the sensitive data of thousands of patients was stolen from an employee of health insurance provider Kaiser Permanente.

How many victims? 15,500 patients throughout Northern California.

What type of personal information? Names, medical-record numbers and some dates of birth, gender data, phone numbers and other information related to patients' care and treatment.

The device did not contain any Social Security numbers or financial information.  

What happened? The external drive was stolen on Dec. 1 from an employee's car at her home in Sacramento. The employee notified Kaiser of the theft on Dec. 8.

Details: Kaiser officials determined through an internal investigation that the employee was storing the information for work and not for inappropriate purposes.

But the employee, who was not identified, was subsequently fired for violating Kaiser policy by storing the files on a personal device without encryption, and without getting permission to do so.

What was the response? Kaiser notified state and federal regulatory agencies and the Sacramento Police Department. Patients were notified by mail.

In addition, staff members are undergoing security awareness training.  

Source:, Fresno Bee, “Theft of Valley Kaiser patients' info reported,” Jan. 12, 2010.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.