Theft of Computers Endangers Data of 55,900 S.F. Patients

March 22--San Francisco public health officials will begin notifying nearly 56,000 patients of the city's health services next week that their personal information may have been compromised by theft of several computers from a billing contractor in Southern California.

The company that the San Francisco Department of Public Health contracts with to provide billing services, Sutherland Healthcare Solutions, told local health officials Tuesday that the computers were stolen Feb. 5 from the firm's office in Torrance (Los Angeles County).

The information from 55,900 San Francisco patients included names, billing information and, in some cases, Social Security numbers, dates of birth, and times and locations of services. Most of the patients had received care at health department sites between August 2012 and November 2013.

"We take the security and privacy of patient information very seriously," Barbara Garcia, San Francisco's health director, said in a statement. "We are working to ensure that all patients are notified and provided with resources to help them protect their privacy."

The announcement comes the same week news surfaced that UCSF warned 9,986 patients that they may have been affected by the theft of desktop computers from the university's Family Medical Center on Sloat Boulevard in January.

In the UCSF case, the computers were not encrypted, exposing names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers. The Social Security numbers of 125 patients were on the computers.

San Francisco health officials said they believed the eight computers stolen from Sutherland's offices were also unencrypted. Officials from Sutherland, which is headquartered in Rochester, N.Y., did not immediately respond to requests for comment.

Other records taken

Records of approximately 168,500 patients of Los Angeles County departments of health services and public health and a smaller number of patient records from at least one private Southern California hospital also were stolen in the break-in.

The criminal investigation is being led by the Torrance Police Department, and the California Department of Public Health, the California attorney general and federal authorities have been alerted.

In both the UCSF and San Francisco health department thefts, there's no evidence that anyone has tried to access or use the personal information.

Rachael Kagan, spokeswoman for San Francisco General Hospital, said Sutherland let county health officials know at the end of February that local patient information was compromised.

"It wasn't until March 18 they were able to confirm the number and give us the data files to allow us to begin notifying our patients," Kagan said.

Seeking assurances

San Francisco patients affected by the thefts had used the outpatient medical services of the health department's primary care clinics or of the San Francisco General Hospital emergency department or clinics. Most were uninsured.

Kagan said the department has suspended sending any new data to Sutherland until officials can be assured the information is safe.

Victoria Colliver is a San Francisco Chronicle staff writer. E-mail: vcolliver@sfchronicle.com Twitter: @vcolliver

Copyright 2014 - San Francisco Chronicle