Patient letters since 2007 have been exposed

May 21, 2015 16:49 GMT  ·  By

A doctor’s office announced that medical letters containing personal patient information have been exposed to a third party, following a break-in in March.

The incident resulted in the theft of electronic equipment consisting of a desktop computer, two laptops and a server. Sharon J. Jones, M.D., with an office at 2023 Vale Road, Suite 3 San Pablo, CA 94806, reported the event to the police.

Password-protected computers do not keep the data safe

The doctor says that access to the computers was protected with a password, but a motivated attacker could easily extract the information stored on them and use it for nefarious purposes or sell it on underground marketplaces.

Protecting sensitive information should be done by encrypting it.

Although email contacts may not have been exposed, crooks can use the postal service to deliver fake communication to patients and trick them into revealing more sensitive information, which could ultimately lead to financial loss.

It is believed that the letters did not include social security numbers or financial data. However, patient’s first and last names, address and date of birth, as well as basic medical information, were present.

The incident disclosure notification sent to affected individuals informs that the stolen computers stored patient letters dating as far back as 2007. It is unclear how many individuals are potentially impacted.

Doctor moves office to a different address

“I sincerely apologize for this inconvenience and any concern it may cause you. I understand how important confidentiality and trust is to our physician-patient relationship,” the doctor says.

She recommends her patients to contact a credit agency and place a 90-day fraud alert. Also, they should monitor the bank account statements for suspicious activity that may indicate signs of identity fraud. Major credit agencies provide a free credit report every year to anyone requesting it.

After the burglary, the doctor hired a security guard to protect the premises, who managed to stop another break-in just three days after the initial one. As a consequence, the doctor decided to move the activity to a different address.