Tuesday, May 06, 2014

SF DPH Personal Data Security Breach Affects 55,900 Patients

When a government agency wants to bury bad news, it issues a press release on a Friday in the hope that there will be minimal attention paid to the problem.

On Friday, March 21 the San Francisco Department of Public Health posted an alert about a troubling security breach impacting thousands of patients:

A February 5 break - in at the Torrance, CA office of Sutherland Healthcare Solutions resulted in the theft of computers that included patient information from Sutherland clients, including the San Francisco Department of Public Health (DPH). Sutherland, which contracts with DPH to provide billing services, informed DPH on March 18 that personal information of approximately 55,900 San Francisco medical patients was stolen, including names, billing information, and in some cases social security numbers, dates and locations of services and dates of birth . The majority of patients were cared for at DPH facilities between August 2012 and November 2013.

Over at the SF Chronicle reporter Victoria Tolliver wrote a story that appeared on a Saturday, probably the day with the lowest number of readers for the paper's print and web editions and as far as I can determine, no other media outlet picked up on the security breach.

Since I was a patient of the DPH system (I'm now receiving primary care at UCSF's 360 Poz Clinic), I received a letter via snail mail alerting me to this breach and followed the instructions on how to protect my data and credit rating through private firm contracted with and paid for DPH, for one year.

That letter was sent to all patients but a friend of mine receiving care at the Castro Mission Health Center told me over the weekend he didn't receive the letter and had no idea about the breach. He doesn't read the Chronicle and because he recently moved, not all of his mail has been forwarded to his new address.

Of course, I told him where to find the letter instructing him how to protect his info and hope he's signed up for the free credit protection services.

If you were a patient of DPH's system or still receive services from one of their facilities, you should get informed about this breach. More info is posted here.

1 comment:

vcdiva said...

Thanks for informing us! This is the first that I've heard of it!