Kaiser Permanente of Northern California is notifying patients after discover of an insider theft.
In a letter template uploaded to the California Attorney General’s web site today, Angela Anderson, KP’s Regional Privacy and Security Officer, writes that on June 10, they learned that a number of ultrasound machines had been stolen by two KP employees. The machines were stolen from several KP sites and stored in an offsite storage unit.
Machines that were recovered were examined, and some were found to contain protected health information (PHI), including medical record number, medical record number with first and/or last name, or both, names without medical record numbers, and/or images, depending on the patient.
KP believes the purpose of the theft was to sell the devices for profit and not for misuse of the PHI.
Although the letter does not indicate when the theft first began, metadata for the submission indicates that the breach first occurred on Sunday, June 6, 2010.