More than 15,000 Kaiser Permanente patients in Northern California this week are being notified that their personal information, including birth dates, addresses, phone numbers and medical-record numbers, was exposed last month after an unencrypted external storage drive was stolen from an employee's car.

Kaiser Permanente officials said the theft occurred in early December after an employee left the drive inside the car at her home in Sacramento. A week after the break-in, the unidentified employee notified hospital officials of the potential data breach.

Kaiser then notified state and federal regulatory agencies as well as the Sacramento Police Department.


All the affected patients are being notified of the incident through the mail, Kaiser officials said.

The employee was fired for violating Kaiser's security policies after she stored the patient files on a personal device without encryption and failed to receive permission to remove the data from the hospital.

In November, a similar theft exposed the names and Social Security numbers of more than 60,000 soldiers and civilian personnel at the Army Corp of Engineers' Southwestern Division in Dallas.

According to the nonprofit Open Security Foundation there were more than 400 major data breach incidents last year at hospitals, universities, military bases and private-sector companies.

A report released last year by security researcher Ponemon Institute found that more than 800,000 data-sensitive memory devices -- including external storage devices -- are either lost or stolen each year.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.