Santa Clara Valley Medical Center Reveals Data Breach

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

A stolen laptop from Santa Clara Valley Medical Center puts thousands of patients at risk for identity theft.

Healthcare data breaches are a top vulnerable point, and identity thieves know this. Around the country, data breaches at medical centers are on the rise, with California occupying the number-one hot spot for this illegal activity.

Theft of company computers and hacking into the system are two of the most common ways thieves get access. Imagine the type of sensitive information your medical provider has about you—your social security number, address, date of birth, and even credit card information might be on file.

The good news is that California has one of the most impressive consumer privacy laws in the U.S., requiring businesses and agencies to notify residents in writing when their personal information got into the wrong hands (or even if it’s “just” suspected). Unfortunately, not every business knows the law and/or follows it to the letter. Thousands of California residents had their data breached and might not even know about it.

Worse, some of these breaches were 100-percent preventable. Medical centers and other businesses are required to encrypt information and properly safeguard personal information to make stealing it a challenge. Do you know how safe your information is?

Hospital privacy class action lawsuits are welcoming new members every month as more people become aware of the situation. Most recently, the Santa Clara Valley Medical Center sent letters to patients letting them know about a Sept. 16, 2013 data breach. The letter stated that “an unencrypted audiology department laptop used for hearing screenings was stolen either Sept. 14 or 15.” That laptop contained the names of patients along with sensitive information such as their medical records and even their brainwaves from testing. The protected health information (PHI) getting stolen only exacerbated this data breach catastrophe.

The clinic reported the theft to the police for investigation, but so far little information has turned up. To prevent similar data breaches in the future, the clinic has gone on record that they will be amending current security practices which are clearly wanting: “SCVHHS maintains high standards for the safeguarding or protected health information (PHI) and takes all potential and actual patient privacy breaches seriously. To protect against any further breaches and to ensure that all our patient’s information remains private, the Compliance and Privacy Officer will speak to the department heads to ensure proper policies and procedures are being followed; will provide a training for the department; and will educate any employee who breached a patient’s protected health information. Further, any employee found violating these privacy standards is subject to disciplinary action as determined by Labor Relations, as per County policy.”

Hopefully these actions will prevent a future data breach, but that does little to comfort the current data breach victims.

This clinic is far from alone when it comes to data breaches.

At the California Department of Public Health (CDPH), an internal program also experienced a recent data breach. The agency also sent letters to patients who were victims, all of whom were part of the Center for Family Health, Women, Infants and Children (WIC). In this case, it was an employee to breached the data back on Aug. 20, 2013 by mistakenly giving the wrong records to certain patients. Even though the records were returned, that data was still compromised.

The good news is that the information provided listed “only” names and medical information. In the letter, the agency asked patients to “Please accept our deepest apology for any inconvenience this situation may cause you. We regret that this incident occurred and want to assure you we are reviewing and revising our procedures and practices to minimize the risk of reoccurrence.”

Are You a Victim of a Hospital Privacy Violation?

If you live in California and got a letter from a medical provider about a data breach, you might not realize that you qualify for a class action lawsuit. A number of agencies have exposed sensitive data, and more are nearly guaranteed to happen in the future. These clinics and agencies include: AHMC Hospitals, AHMC Healthcare Inc., Garfield Medical Center, Monterey Park Hospital, Greater El Monte Community Hospital, Whittier Hospital Medical Center, San Gabriel Valley Medical Center, Anaheim Regional Medical Center, Cottage Health System, Goleta Valley Cottage Hospital, Santa Ynez Valley Cottage Hospital, Santa Barbara Cottage Hospital, Kaiser Hospital, Anaheim Medical Center, Long Beach Memorial Medical Center, Northern Inyo Hospital (NIH), Santa Clara Valley Medical Center, UCLA Hospital, and University of California San Francisco (UCSF) Medical Center.

By joining a class action lawsuit, you may be able to receive compensation for out-of-pocket expenses related to the breach, such as identity theft costs and additional damages.

Act on the Data Breach

If you live in California and received a letter from any agency or clinic regarding a breach, you may qualify for a data breach legal claim. Find out more by visiting the Calif. Hospital Data Breach, Medical Privacy Violations Class Action Lawsuit Investigation. Once you submit your information, an attorney will contact you if you qualify for a complimentary data breach claim review.