Advertisement

County moves to require computer encryption after medical data breach

Share

Following a break-in at a county health contractor’s office that led to the theft of computers containing personal information about more than 342,000 patients, Los Angeles County supervisors moved to tighten protocols for protecting data.

The county already requires that workers’ laptops be encrypted. The supervisors voted Tuesday to extend that policy to also encrypt all county departments’ computer workstation hard drives.

They also asked that county staff members develop a plan to require “all County-contracted agencies that exchange personally identifiable information and protected health information data with the County” to encrypt sensitive information on their computers as a condition of their contracts.

Advertisement

In February, eight computers were taken from the Torrance office of Sutherland Healthcare Solutions, a company that handles medical billing and collections for the county.

Lisa Richardson, spokeswoman for Supervisor Mark Ridley-Thomas, who proposed the new security protocols, said the Sutherland incident “alerted us to some necessary security measures.”

Torrance police are investigating the break-in, along with the Los Angeles County district attorney’s cybercrime team and the U.S. Secret Service, which also investigates computer crimes.

Sutherland has offered a $25,000 reward for information leading to the return of the stolen equipment or the arrest and conviction of those responsible for the theft.

The company, via a public relations firm, released images of a suspect captured by cameras. The suspect shown on film appeared to be a black man of “unknown age and height with a thick build.” He was wearing gloves, a dark sweatshirt and dark hat with white insignias, gray or blue jeans and bright blue athletic shoes. He also had an earring in his left ear and a large watch on his left wrist.

At least three lawsuits have been filed against the county and Sutherland over the incident, alleging, among other things, that the company failed to encrypt the data stored on the computers.

Advertisement
Advertisement