John Muir Health Privacy Breach Reaches San Ramon

About 557 San Ramon residents who are patients at John Muir Health in Walnut Creek may have had their personal and health information accessed due to a theft in early February, the medical center announced earlier today.

The number of affected patients from San Ramon represents roughly ten percent of the 5,450 clients that the center began notifying of the privacy breach, according to Hala Helm, vice president and chief compliance and privacy officer for John Muir Health.

"Since we primarily serve Walnut Creek and the surrounding areas, those might be more heavily impacted," she said, explaining that the amount of patients at risk likely corresponds to the center's presence in particular local communities.

When two laptop computers were stolen at the John Muir Physician Network Perinatal office in Walnut Creek two months ago, the center immediately notified the Walnut Creek Police Department to conduct a thorough internal investigation.

After working with internal experts and external vendors, the center learned that the laptops contained personal and health information going back more than three years.

Communications were withheld until sufficient information surfaced on what type of data was stolen, whether it could be accessed and who was potentially affected, said Ben Drew, director of corporate communication at John Muir Health.

"We didn't want to put something out there that would make people more anxious," he said. "We got things out as soon as we could do it and made sure we could answer questions of the patients."

Only patients who were seen at the Walnut Creek office are at risk of having had their information accessed.

Those affected should receive a notification via mail in the next couple of days. The letter includes detailed instructions on placing a fraud alert, which is highly recommended. In addition, the center has arranged with Equifax to provide an identity theft protection product to impacted patients at no cost for one year.

Concerned patients may contact John Muir Health at a toll free number included in the letter and get general questions answered by calling 941-4151 or e-mailing info@johnmuirhealth.com.

Drew said he is not aware of similar incidents at John Muir Health in recent memory. Other privacy breaches have occurred in the Bay Area at Kaiser Permanente and UC San Francisco.

Security was in place and the suspects broke into a locked and guarded building, Helm confirmed.

Prior to the theft, John Muir Health had begun implementing a program to encrypt laptops but the Walnut Creek office had not received the software yet, according to Drew.

The center locked down laptops at the Perinatal office following the incident and encryption software is being processed for laptops there and throughout the organization, he said.

"This will add another layer of protection for our patients," Drew said.