Kaiser Employee Data Breach Could Affect 30,000
On Friday, Oakland, Calif.-based Kaiser acknowledged that it's in the process of notifying nearly 30,000 Northern California employees of a security breach that may have exposed the type of confidential data stored in human resources departments.
That would most likely include Social Security numbers, which are generally regarded as a linchpin for perpetrating identity theft -- and a bonanza for crooks. And according to a report in the San Jose, Calif.-based Mercury News, some Kaiser employees have already reported identity theft activity related to the breach.
Kaiser said it was informed of the security breach by police in San Ramon, Calif., who found a computer file containing the Kaiser employee data while searching a suspect in an unrelated matter, a Kaiser spokesperson told Channelweb.com. The file didn't contain any patient data.
The suspect is not a Kaiser employee, and Kaiser has launched an internal investigation to determine the source of the breach, according to the spokesperson.
Although it's not clear how the latest breach occurred, in the past, Kaiser has been burned by the theft or loss of employee laptops containing confidential data. The Kaiser spokesperson said company policy requires the encryption of data on laptops and mobile devices, but declined to comment on whether data on the stolen file was encrypted.
According to Privacyrights.org, which maintains a chronological listing of data breaches, Kaiser has had confidential patient data compromised on four occasions in the last four years, all of them stemming from lost or stolen laptops.
In March 2005, The California Department of Managed Health Care slapped Kaiser with a $200,000 fine for exposing the confidential health information of 140 patients. In July 2006, a laptop containing data on 160,000 Kaiser patients was stolen, although the data didn't include Social Security numbers.
In November 2006, a stolen Kaiser employee laptop exposed personal data -- but not Social Security numbers -- on 38,000 patients in Colorado. And in February 2007, a Kaiser doctor's laptop was pilfered, this time leading to the exposure of 22,000 patient records, 500 of which included Social Security numbers.