As many as 168,500 patients of Los Angeles County medical facilities may have had their data stolen in a break-in at a county contractor's office last month, county officials said Thursday.
A Torrance office of Sutherland Healthcare Solutions, which handles billing and collections for the county's Department of Health Services, was broken into on Feb. 5 and computer equipment was stolen, according to a statement from the county. [Updated at 4:19 p.m.: Sutherland also handles billing and collections for the county's Department of Public Health].
The computers contained patient data including patients' first and last names, Social Security numbers and certain medical and billing information, and may also have included birthdates, addresses and diagnoses.
"I'm not aware of another breach of this significance ever having occurred," said Los Angeles County Assistant Auditor-Controller Robert Campbell. The auditor-controller's office oversees the county's compliance with federal medical privacy regulations.
Campbell said Sutherland notified the county of the breach on Feb. 10, but it was not clear at that point how many patients were affected. On Feb. 25, the company confirmed that county patients' data were stolen, and on Thursday began notifying the patients by mail.
The district attorney's cyber investigation team is working with the Torrance Police Department and other law enforcement agencies on a criminal investigation. Campbell said the county will be looking into the contract with Sutherland and procedures that were in place to see if the breach could have been prevented.
Sutherland has set up a toll free line at (877) 868-9284 so that patients can find out if they were affected. The line will be available beginning Friday. The company will provide free credit monitoring for patients whose data were stolen.