St. Joseph Health notifies 33,000 of potential data breach

SANTA ROSA -- Santa Rosa Memorial Hospital said data on about 33,000 patients were stolen during an early June burglary at one of the Redwood Regional Medical Group offices St. Joseph Health recently acquired.

A computer "thumb drive" with information on X-ray patients went missing after a June 2 burglary at an outpatient imaging center at 121 Sotoyome Dr., located across  the street from Memorial, officials said.

The following day, hospital officials learned the drive was missing from the locker of a staff member who had backed up X-ray records on the drive in preparation for a data migration to Santa Rosa Memorial's electronic medical records system.

The drive contained references to 33,702 patients who received services at the site from Feb. 2, 2009, through May 13, 2014. That information included the patient's first and last names, gender, medical record number, date of birth, date and time of service, area of the body imaged, the X-ray technologist's name and the radiation level required to produce the X-ray, in compliance with patient-safety standards.

The information did not include Social Security numbers, financial information, insurance data or diagnoses, officials said.

"We take our obligation to protect patients' privacy very seriously, and apologize for any concerns or inconvenience to patients and their families that this causes," said Todd Salnas, president of St. Joseph Health in Sonoma County, which owns and operates Santa Rosa Memorial. "Following this burglary, we immediately heightened security measures and training at our new Sotoyome Drive facility, and are committed to preventing such an intrusion from happening again."

Santa Rosa Memorial said it is mailing personal letters this week to each of the patients affected by this potential breach, and on June 9, reported the incident to the California Department of Public Health.

The hospital said it has no indication that any of the patients' information has been used in any unauthorized or improper manner. Yet as a precaution and courtesy, it is offering credit-monitoring and identity-theft-protection services to affected patients at no cost for one year.

An internal hospital investigation and concurrent investigation by Santa Rosa Police began after employees discovered the burglary June 2. Efforts to recover the missing drive continue.

This is the second data breach St. Joseph Health has experienced in the past two years. In 2012, the health system alerted 31,800 patients across the state of a data breach including some 10,000 patients in Santa Rosa, Petaluma and Napa. St. Joseph Health acquired Redwood Regional Medical Group in April.

Patients or patients' family members with concerns or questions about this matter are invited to call a hotline staffed by Kroll, a global risk-mitigation and response service the hospital commissioned for affected patients. The line is available toll-free Monday through Friday, 8 a.m. to 5 p.m. Central Time at 866-779-0488.

Show Comment