I first saw this over at Emergent Chaos but settled for reading the short version over at The Register where they discuss the theft of two computers at San Jose Medical Group containing 185,000 patients’ records.

As usual, a spokesman says it was just the computers they were after:

“We believe they were stolen because of the kind of computers they were and not because of the information,” [vice president of information technology for the San Jose Medical Group, Mike] Patel said, noting that there have been no reports of patients’ personal or financial information having been compromised.

How stupid do they think we are? The computers were stolen on March 28th, he made that statement sometime before April 8th, just over a week later. It often takes months or more for people to realize that they were victims of identity theft. Throw in the facts that the new owner of those laptops is probably smart enough to sit on the data for a little while, that it takes some time to get everything ready to tear through an Identity, and the fact that just because they haven’t heard doesn’t mean it didn’t happen, and this statement looks even more like wishful thinking at best and flat-out lying at worst.

Getting back to th incident itself, according the the NetworkWorld Fusion article

The computers were taken from behind locked doors at the administrative offices of the San Jose Medical Group on March 28, after thieves broke through the doors.

So I’m supposed to believe that someone broke through a locked interior door on the off chance there was some hardware behind it? I believe a lot of things, but that’s not one of them. This thing reeks of “planned inside job,” not “target of opportunity.”

Wake up, IT and Corporate Managers of the world, and realize that the contents of those hard drives can be sold for Real Money. This is not about the hardware. Used computer hardware is pretty much worthless if you can’t still smell the chemicals leaching out of the plastic, especially when devalued to the ten cents on the dollar that a fence is going to pay for it. A laptop with 185,000 sets of PII including the holy grail of Identity Theft Fraud by Impersonation, the Social Security Number, on the other hand, is potentially worth well over a million dollars in the hands of someone who knows how to abuse them.

The value of data is still too abstract a concept to most people–they can understand that having a laptop stolen means the owner no longer has a laptop. Comprehending the idea that you can have something stolen and yet still have it, as is the case with the data on these laptops or, according to the RIAA, music on a Peer-to-Peer network makes people’s heads hurt.

The person who actually committed the theft and may eventually be prosecuted for it probably doesn’t appreciate what they just did, but I’d wager that the person who paid them for it has a keen understanding of what he or she just bought.

Good luck to you. All 185,000 of you. I’m afraid you’re going to need it.

I detected an aroma on this one, too. The police report says the door’s location is “unknown” and the method of entry is also “unknown”. That either means somebody is full of it, Barney Fife has been hired in San Jose, or David Blain is an identity thief. My money is on choice the first.

Wasn’t it Grace Hopper who said companies will have a line on their balance sheets labelled “Information?” And didn’t she say it over 50 years ago?

PS: Nice link to emergent chaos, but for, ummm, some reason, which I can’t fathom, it didn’t trackback. :)

San Jose Medical Group, 185,000, Joseph Nathaniel Harris (update)

Joseph Nathaniel Harris has been arrested and charged with the April break-in to the San Jose Medical Group, and stealing two computers with 185,000 medical records on them. The San Francisco Chronicle reports: “During Harris’ employment at San Jose…

Well he broke into my during x-mas break i hope he burns in hell and i feel for the people that were victims i hope he stays in jail for long time. hope that the sue him..