Thousands of patients seeking medical treatment may be at risk of identity theft following a breach of systems belonging to the biotech firm Genentech, according to a letter sent to New Hampshire’s Attorney General on behalf of the company late last month.
As many as 3,500 patients may have had information leaked in the breach, which occurred on August 17 when an “unauthorized person” might have accessed “a vendor’s computers,” according to Genentech’s Chief Privacy Officer, Robert Glaser. The letter was submitted in keeping with New Hampshire’s data privacy law. Nadine O’Campo, a Genentech spokesperson, confirmed the details of the letter for Threatpost.
A slew of unencrypted information may have been exposed in the breach, including patients’ names, addresses, phone numbers, date of birth, e-mail addresses, driver’s license numbers, social security numbers, and medical and health insurance information, according to the letter. Those affected weren’t notified until nearly October. Patients whose records may have been involved in the breach began to receive letters last week postmarked September 30.