Thousands of Californians’ personal data may be at risk following the theft of a hard drive that contained unencrypted records that had been improperly removed from a hospital by a Kaiser Permanente employee. eSecurity Planet takes a look.
More than 15,000 Kaiser Permanente patients in Northern California this week are being notified that their personal information, including birth dates, addresses, phone numbers and medical-record numbers, was exposed last month after an unencrypted external storage drive was stolen from an employee’s car.
Kaiser Permanente officials said the theft occurred in early December after an employee left the drive inside the car at her home in Sacramento. A week after the break-in, the unidentified employee notified hospital officials of the potential data breach.
The employee was fired for violating Kaiser’s security policies after she stored the patient files on a personal device without encryption and failed to receive permission to remove the data from the hospital.