The Bay Area Pain Medical Associates company recently sent notices to patients informing them of a data breach on May 19, in which three desktop PCs were stolen following an office break-in. The Sausalito Police Department is currently investigating, as the company warns patients of what is at risk: There were around 2,780 patients affected due to the breach, with a spreadsheet including patient data available on one of the PCs taken from the office.
The medical records were encrypted, but a single Excel spreadsheet contained "approximately 2,780 patient names, including yours, and years of service may have been available," the company sent in a memo to patients.
These types of incidents seem to happen too frequently - even if PCs and laptops are safely secured in offices - security experts recommend ensuring devices are password-protected and utilize encryption. Selling medical records is big business to cybercriminals, more valuable than traditional stolen personal information.