Health care consortium Kaiser Permanente's Northern California division has publicly disclosed a data breach after two of its employees allegedly stole an unspecified number of ultrasound machines containing protected health information. As of July 11, 2016, approximately 1,100 patients are known to be affected.
According to a breach notification the company posted online yesterday, Kaiser Permanente (KP) discovered the theft on June 10, and subsequently recovered most of the equipment. An investigation found some of the ultrasound machines contained such information as medical record numbers, names and images. No financial information was stored on the devices, and “There is no sign that health information has been used for fraud or other criminal activity,” stated Angela Anderson, Regional Privacy & Security Officer, Kaiser Permanente Northern California, in the online notification.
The alleged thieves intended to sell the machines for profit, not the data within them, KP reported. An investigation is ongoing.