Wednesday, April 30, 2008

[ISN] Identity breach affects hospital


http://www.whittierdailynews.com/news/ci_8710866

By Airan Scruby
Staff Writer
Whittier Daily News
03/26/2008

WHITTIER - About 5,000 past and current employees at Presbyterian
Intercommunity Hospital had their private information stolen, officials
said Wednesday.

The data included Social Security numbers, birth dates, full names and
other records stored on a desktop computer that was stolen from a
Fullerton data management group on Feb. 11.

In addition to the 5,000 employees, another 35,000 identities from 18
other companies were stored on the computer, officials said.

According to hospital Human Resources Vice President Lon Orey, the
employees will be given a one-year subscription to LifeLock, a group
which tracks the user's information and guards it from illegal use.

"We take the treatment of employee information very seriously," Orey
said, "and we will continue to do everything we can to protect them."

A letter informing employees that their information was in jeopardy was
dated March 13, more than a month after the breach.

Spokeswoman Terri Starkman said the hospital would not comment about the
lapse between the theft and notification.

"I really don't have any further information other than that," Starkman
said.

Police arrested Todd Irvine of La Habra on March 7 after they tracked
the stolen computer to his house through an IP address. They found other
stolen computers and equipment, according to Fullerton police.

Sgt. Mike MacDonald said it was unlikely that the identities stored in
the computer were the target of the thief. The suspect probably just
wanted the electronics, he said.

Irvine, 43, was arraigned and remains in custody, MacDonald said.

Those affected either work or have worked for Presbyterian
Intercommunity Hospital and received health benefits through that
employer, Orey said.

Among those groups are the Los Angeles Department of Water and the
Modesto City School District, police said.

According to Orey, the sensitive information was given to Systematic
Automation, Inc., so that the company could relay information to health
insurance providers on behalf of employees. Orey said the hospital did
not ask for permission to give the information to Systematic Automation.

"It's just an automatic kind of thing," Orey said.

A Systematic Automation representative said the company immediately
notified its partners that were affected and were working with police.
The representative declined to give his name.

In an official statement, the hospital said that it "like any large
company, relies on the services of outside experts to perform various
functions on its behalf."

Orey said the incident has prompted a closer look at employee security.

Many affected by the breach have requested coverage through LifeLock to
last more than one year, and Orey said the hospital is considering
extending the benefits. He said the hospital may even give coverage to
all of its current 3,000 employees, just to be safe.

"There is a high probability," he said, "we're going to make this an
ongoing program for employees."

