SF Dept of Public Health Patient Information Involved in Security Breach- March 21, 2014



Contact: Rachael Kagan, Department of Public Health

415 420-5017 cell, 415 206-3170 desk or rachael.kagan@sfdph.org




Billing contractor’s computers stolen, containing personal data


SAN FRANCISCO — A February 5 break-in at the Torrance, CA office of Sutherland Healthcare Solutions resulted in the theft of computers that included patient information from Sutherland clients, including the San Francisco Department of Public Health (DPH).

Sutherland, which contracts with DPH to provide billing services, informed DPH on March 18 that personal information of approximately 55,900 San Francisco medical patients was stolen, including names, billing information, and in some cases social security numbers, dates and locations of services and dates of birth. The majority of patients were cared for at DPH facilities between August 2012 and November 2013.

“We take the security and privacy of patient information very seriously,” said Barbara Garcia, Director of Health. “We are working to ensure that all patients are notified and provided with resources to help them protect their privacy.

There is no confirmation that there has been any attempted access or attempted use of the information involved in this incident. The health department will begin contacting affected patients by mail next week. In cases where a mailing address is not available, the department is conducting outreach to find and notify the individuals. The California Department of Public Health, the California Attorney General and federal authorities have been alerted.

Sutherland is offering San Francisco patients free credit monitoring and recovery services for one year with identity theft insurance coverage of up to $20,000. Starting on Monday March 24, patients may call Sutherland’s call center at 866-486-4809 or visit http://www.myidcare.com/idexpertshealthcareprotection to learn if they are affected and to access these services.

Records of approximately 168,500 patients of Los Angeles County departments of health services and public health also were stolen in the break-in. The criminal investigation is being led by the Torrance Police Department.

The San Francisco patients had used the outpatient medical services of the Health Department’s Community Oriented Primary Care Clinics or of the San Francisco General Hospital and Trauma Center emergency department or clinics. Most of them were uninsured.

Sutherland is a business processes and technology management services company based in Rochester, NY. As a contractor, Sutherland is obligated by the federal Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy. Sutherland has informed DPH how they are ensuring that patient information is secure and what steps they are taking to prevent an incident like this from happening again. Sutherland’s response includes:

  • Encrypting all computers
  • Requiring all data be saved to share drives and not be saved on individual computers
  • Cabling desktop computers to desks



Leave a comment

Filed under Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s