Kaiser Permanente may have suffered possible data breach due to theft of its ultrasound units. This incident has affected 1,100 members of the facility. Undisclosed number of ultrasound units were stolen by the two former employees. Facility recovered a “significant portion” of the stolen machines which contained ePHI, such as names, medical record numbers, and medical images.
Kaiser Permanente is an integrated managed care system which maintains healthcare coverage for 9 million individuals. According to the reports, the stolen machines were found in a locked storage unit. Some units are yet to be located. It mentioned that that the only reason for the theft was to sell the units for profit. It has nothing to do with disclosing or misusing PHI. Also, there is no evidence that ePHI was accessed by an unauthorized entity.
Facility launched an investigation to identify which members may have had their information exposed by the incident. It has also contacted local law enforcement officials. Notifications letters specifically addressing the ePHI data elements found for each affected individual are sent.
“Kaiser Permanente is committed to protecting the confidentiality of our members’ personal information,” explained the statement. “We are continuing our investigation of this incident and are taking appropriate actions to prevent similar errors in the future. We are cooperating fully with law enforcement in this matter.”
“We sincerely apologize for any inconvenience or concern this incident may cause. Because Social Security numbers were not accessed, the risk for any fraud is quite low. Additionally, we believe that this equipment was only stolen to sell for profit, and not to reveal or misuse member information. There is no sign that health information has been used for fraud or other criminal activity,” said Angela Anderson, Regional Privacy & Security Officer, Kaiser Permanente Northern California.
Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.