Among those affected by the burglary at Sutherland Healthcare Solutions were an undisclosed number of City of Hope patients. You can read City of Hope’s notification letter on the California Attorney General’s website. Patient information on the unencrypted computers included patients’ names, Social Security numbers, addresses, phone numbers, medical record numbers, account number and/or diagnoses.
City of Hope noted that their contract with Sutherland incorporated strict privacy standards, and as a result of this incident, they have suspended business with Sutherland.
Although Sutherland’s notice offered those affected free credit monitoring services through ID Experts, City of Hope’s letter offers its patients services through Kroll.
Sutherland did not return a phone call from PHIprivacy.net yesterday asking them to clarify whether the 168,000 figure for Los Angeles County patients represented all patients who personal information may have been on the stolen computers.
Update: A spokesperson for Sutherland confirmed that the 168k figure only applied to the L.A. County health system and did not include other entities that may have been affected by the breach, such as City of Hope. So the final number on the Sutherland breach is as yet unknown, as they did not disclose how many other covered entities may have been affected by this breach.