Federal health officials say the medical records of 4.6 million Californians have been compromised since 2009.
One of the state’s largest data breaches occurred in 2011, when a desktop computer was stolen from an office of Sutter Health in Sacramento. It contained the medical information of nearly 1 million patients.
Also in 2011, a computer at Eisenhower Medical Center in Rancho Mirage that contained the personal information of more than 500,000 patients was stolen.
In both cases, the data was not encrypted. Experts say encryption is the most effective way to protect sensitive information.
Beth Givens, executive director of the San Diego-based Privacy Rights Clearinghouse, said medical records are a big-ticket item on the black market.
“Medical records often contain both the Social Security number and the date of birth, and those are two very valuable pieces of data to open up new accounts in the victim’s name,” Givens explained.
California law requires medical organizations to report data breaches within five days. Violators face a $250,000 fine.
The federal government can also penalize doctors, insurers or hospitals that fail to protect medical records.
Earlier this year, the U.S. Health & Human Services Department fined New York Presbyterian Hospital $4.8 million for a data breach. It's the largest such fine to date.