The Los Angeles County Public Health Department has been hit by its third medical records breach
in the past four years, this time through a contractor whose unencrypted computers were reported stolen. The stolen computers contained medical data of 168,500 patients, according to a county news release and published reports.
The breach is the subject of a class-action lawsuit filed last week against the county and contractor
, the Los Angeles Times reports.
The break-in occurred Feb. 5 at a Southern California office of Sutherland Healthcare Solutions, which provides the county with billing services, according to a statement on the county agency's website
The computers contained personal identifiers, including first and last names and Social Security numbers and may have included individuals' dates of birth, addresses, diagnoses “and other medical information,” the statement said.
As a result, Sutherland is offering 12 months of credit monitoring, a $20,000 “insurance reimbursement policy,” and access to “fraud resolution representatives,” the statement said.
The lawsuit contends that Sutherland failed to encrypt the stolen data, did not notify patients of the theft in a timely manner and is offering “woefully insufficient” relief to the people impacted.
The country previously reported the theft of 33,000 paper records in July 2010 and the theft of a laptop computer with 667 records in 2011, according to the Office for Civil Rights at HHS, which began in September 2009 publicly posting breaches involving the records of 500 or more individuals.Follow Joseph Conn on Twitter: @MHJConn