Home | News Alerts | Nearly 30,000 Kaiser Employees Notified of Breach

Nearly 30,000 Kaiser Employees Notified of Breach

Missing computer resulted in identity theft

February 10, 2009

Police recently arrested a suspect in possession of a computer containing personal information for approximately 30,000 Kaiser Permanente employees, The Mercury-News reports. Meanwhile, the HMO’s senior vice president of human resources, Gary Westfall, has stated that a “handful” of employees have experienced identity theft.

Kaiser Permanente only found out about the breach after police found the computer file in the possession of 28-year-old Mia Garza. The San Ramon resident was arrested Dec. 23 on suspicion of possession of stolen property and forgery, according to San Ramon, Calif. police Cpl. Rich Persson. The company stated the suspect is not a Kaiser employee.

Oakland, Calif.-based Kaiser was informed of the breach in late January, said company spokesman Jim Caroompas in The Mercury-News. The company subsequently launched an internal investigation to determine the source of the breach.

The file contained names, addresses, phone numbers, Social Security numbers and dates of birth for Northern California employees. Kaiser is offering one year of free credit monitoring to those affected. “No Kaiser Permanente member information or personal health information was involved,” Westfall stated.

Kaiser has had problems protecting patient data in the past. The company appears a number of times on Privacyrights.org’s chronological listing of data breaches. Stolen laptops in July and November 2006 exposed nearly 200,000 patient records (although they did not contain Social Security numbers). A February 2007 laptop theft exposed 22,000 patient records, 500 of which included SSNs. California also fined Kaiser $200,000 for a March 2005 Web posting of 140 patient records.

Kaiser stated it encrypts employee information on laptops and mobile devices, has technological safeguards such as electronic access controls in place, regularly updates its security, and trains its employees in data security. According to ChannelWeb, a Kaiser spokesperson declined to comment on whether the recently compromised data was indeed encrypted.