Sutherland Healthcare Solutions

On March 21, 2014, the covered entity (CE), San Francisco General Hospital & Trauma Center reported that eight desktop computers were stolen from Southerland Healthcare Solutions, Inc., the CE’s business associate (BA). The computers contained the electronic protected health information (ePHI) of 27,676 individuals. The ePHI involved in the breach included names, addresses, birth dates, social security numbers, admission and discharge information, treatment location, diagnosis and billing information. The CE provided breach notification to HHS, affected individuals and the media. The CE trained its workforce members on the policies and procedures for responding and reporting security incidents. OCR obtained assurances that the CE implemented the corrective actions noted above.
Location of breached information: Desktop Computer
Business associate present: Yes