California's Palomar Health recently began notifying more than 5,000 patients that their personal and medical information may have been exposed when two unencrypted flash drives were stolen from an employee's car on the evening of February 21, 2014 (h/t Becker's Hospital CIO).
Following the theft, Palomar Health hired a forensic firm to reconstruct the information held on the devices. The investigation, which concluded on March 25, 2014, determined that the drives held over 5,000 patients' names, birthdates, diagnoses, treatment information and insurance information.
"We have no knowledge that your information has been used in any way; however, as a precaution, we wanted to notify you regarding this incident and assure you that we take it very seriously," Palmor Health privacy officer Kim Jackson wrote in the notification letter [PDF]. "We recommend that you regularly review the explanation of benefits statement that you receive from your insurer. If you identify services listed on your explanation of benefits that you did not receive, please contact your insurer."
The San Diego Union-Tribune reports that the flash drives may have been recovered at the home of Jasmine Baker, 24, who was recently arrested on suspicion of possession of stolen property.