Break-In at Medical Group Nets Data on Thousands of Patients

April 8, 2005
Data for up to 185,000 current and former patients of San Jose Medical Group stolen during break-in

In one of the largest cases of stolen medical and financial information nationwide, San Jose Medical Group is alerting 185,000 current and former patients that their sensitive personal data may have been on computers taken during a recent break-in.

In a first-class letter to patients dated Monday, CEO Ernie Wallerstein said two computers were taken March 28 from the physician group's administrative offices. The computers, he wrote, "contained names, addresses, confidential medical information and Social Security numbers, perhaps including yours."

While there is no evidence the data has been misused or disclosed to others, police have no suspects in the early-morning break-in, in which the Dell computers were snatched from a locked area of a computer room.

"It's very upsetting. My information, too, is in there," said chief medical officer Dr. Dean Didech. "But my assumption is they were taken because they were new computers."

The theft is the latest in a string of incidents where personal data was lost or stolen because of security lapses. The problem prompted U.S. Sen. Dianne Feinstein to press last week for national legislation to better protect against identity theft.

California already requires that consumers be notified immediately if thieves gain entry to computers that contain unencrypted personal information, such as credit card or driver's license numbers.

The two computers had billing records on them, Didech said. And while they didn't contain complete medical records, they did have sensitive health information on them in the form of billing codes.

"The more I think about it, the more I'm disturbed," said Nancy Smereski, a Morgan Hill resident who received one of the letters Thursday.

Smereski was just one of the angry patients who called a toll-free hotline for the medical group that was listed in the letter -- only to find the number was overwhelmed and no operators were available to answer her questions. After 40 minutes on hold, Smereski gave up, she said.

Patients were encouraged to alert a credit bureau that their personal data could be used for fraudulent reasons. And they were warned to look over their credit reports carefully to see if new credit cards are opened in their name.

"It seems like the process is, they screw up and we take care of it," Smereski said.

The precautions are good ones for consumers to take, even though the confidential information may never be accessed by the thief.

"It's a waiting game for the consumer," said Stephen Gibbons, a Santa Clara County assistant district attorney. In many past cases of stolen data, the information hasn't ever been used, he said.

It was unclear whether the billing records contained credit card numbers. Patients might want to close their credit card accounts and open up new accounts with different numbers, just to be safe, he said. "But that's obviously more effort for the consumer."

The theft is just another black eye for the beleaguered medical group, which filed for Chapter 11 bankruptcy reorganization in 2002, closing several locations. The group emerged from bankruptcy in September. The physician-owned organization has a network of more than 200 doctors around the Bay Area.

Since the break-in, the group has beefed up security, Didech said, installing an alarm system, getting its landlord to agree to put surveillance cameras in the building and increasing the security of data on its computers. He did not give more specifics.

More and more companies have taken similar actions, including encrypting databases, to make sure their computer systems are secure, Gibbons said. But as this -- the latest in a string of consumer information thefts that has plagued even banks such as Wells Fargo -- illustrates, it can be hard to protect a person's privacy if computerized records fall into the wrong hands.

"Generally, hospitals are very sensitive about not disclosing patient information," Gibbons said. But "if you have someone bent on stealing information and if they walked off with some computers, that's difficult."