Eight computers were stolen from medical billing contractor Sutherland Healthcare Solutions in Torrance, CA, on February 5, 2014. A month later, the week of March 6, many patients received letters on Sutherland letterhead alerting them that their personal data, including first and last names, social security numbers, and billing information—and possibly their dates of birth, addresses and even their personal medical information and diagnoses—had potentially been compromised. As many as 173,900 patients may be affected.
Medical records are a high-value commodity. While social security numbers go for about one dollar each on black market websites, medical records can fetch as much as $50 each, according to the Medical Identity Fraud Alliance.
The information in a medical record is an identity theft goldmine, including social security numbers, a home address, and date of birth, which is useful for committing generic identity theft. A more specific kind of identity theft, in which a patient's medical records are resold to uninsured patients who are desperate to access medical care, has been particularly lucrative.
Medical data breaches like the one in California are being reported more frequently. Since 2009, there has been a 138% increase in HIPAA data breaches, according to healthcare IT security firm Redspin.