A California medical practice is alerting 185,000 current and former patients that their personal data might have been compromised, the latest in a string of security breaches exposing hundreds of thousands of consumers to potential identity theft.
San Jose Medical Group began sending letters to affected patients earlier this week after thieves stole two computers March 28 from its administrative office.
The computers contained names, addresses and Social Security numbers, Chief Executive Officer Ernie Wallerstein wrote in the patients' letters. They also contained billing codes that could be used to extrapolate medical histories and other sensitive data.
San Jose Police Officer Enrique Garcia said it was unclear whether any patients have been victims of identity theft because of the computer theft. The police department's fraud unit is investigating.
The medical group's letters comply with a California law that took effect in 2003 and requires companies to notify residents whenever personal data has been compromised.
California remains the only state with such a law, but U.S. Sen. Dianne Feinstein introduced federal legislation in February that would require companies to disclose breaches to consumers nationwide.