Update: Stolen computers contain data on 185,000 patients

Computerworld - A San Jose-based medical practice has notified about 185,000 current and former patients about the theft of their personal information contained on two computers stolen from its offices during a burglary March 28.
In an statement posted on its Web site today, San Jose Medical Group Management Inc. said the desktop computers were stolen from a locked administrative office during the burglary, which is being investigated by local police. The computers contained names, addresses, confidential medical information and Social Security numbers of some 185,000 current and former patients, according to the health care provider.
Mike Patel, vice president of information technology for the medical group, said that the two stolen desktop towers were recently purchased Dell PCs that were being used for year-end audits at the practice.
The data was put onto the Dell machines from secure servers so the audits could be done on local machines, he said. "We believe they were targeted for the hardware," which included fast new processors and other up-to-date components, he said.
The data included personal information about patients from the last seven years, Patel said. The practice currently has about 60,000 patients, he said.
No medical records, lab test or patient credit card or banking information was included in the data, Patel said. The records did include billing information.
The practice took seven days to begin notifying patients of the theft because of "the whole logistics" of preparing a list of 185,000 affected patients and getting a mailing out, he said.
San Jose Medical Group has alerted each of the three major credit bureaus of the incident, according to the statement. No reports have been received that any of the patient information has been used for fraudulent purposes, according to the organization. Patients were notified to contact the Equifax Inc., Experian Information Solutions Inc. and TransUnion Corp. credit-reporting agencies to place fraud alerts on their accounts in case their information is used by unauthorized persons.
"San Jose Medical Group is committed to protecting the privacy and security of your personal and medical information," the organization said in its statement. "Unfortunately, it is difficult to fully protect against burglaries and thefts. As your health care provider, one of our top priorities is the protection of your personal information; this is something that we take very seriously. We apologize for any inconvenience or concern this incident has caused."
The incident is the latest in a recent string of data-theft cases. Last month, computer hackers broke into databases belonging to LexisNexis Group and stole personal information