Oakland, Calif.-based Kaiser Permanente is notifying patients of a security incident after two former employees stole "a number" of ultrasound units containing varying amounts of protected health information of approximately 1,100 patients in Northern California.
A Kaiser investigation confirmed in June that data sets included a range of protected health information, from just names and dates to full names, medical record numbers and images. No Social Security numbers or financial information were included in the data sets, reports Kaiser.
Kaiser reports that most of the stolen units have been returned, but some units have not yet been located. The health system has no evidence any protected health information has been inappropriately accessed. Before the recovered units were returned to Kaiser, they were locked in a storage unit.
The notification does not indicate from which facility the ultrasound units were stolen or whether any action was taken against the former employees who stole the units.
"We believe that this equipment was only stolen to sell for profit, and not to reveal or misuse member information. There is no sign that health information has been used for fraud or other criminal activity," Angela Anderson, regional privacy and security officer for Kaiser Permanente Northern California, said in a statement.
The health system is continuing its investigation into the incident and is working with law enforcement.
More articles on data breaches:
HHS: Ransomware attacks considered breaches in most cases
June was the worst month so far for hospital data breaches
Half-year in review: 8 biggest data breaches from the past 6 months