Two flash drives containing personal data regarding about 5,000 patients were stolen from a Palomar Health employee’s car in February. And they remain missing, which officials said could lead to a $250,000 fine for the health system by the California Department of Public Health.

Palomar Health announced late last month that a laptop and two flash drives that held patient details such as names, birth dates, medical conditions, and information regarding treatment and insurance were stolen on Feb. 21 or Feb. 22. While the stolen devices didn’t contain any financial information, the two flash drives were unencrypted and could potentially be accessed with ease. The data on the laptop was encrypted, however, and there doesn’t seem to be evidence that the patient data has been accessed or used, Palomar Health said.

The California Department of Public Health announced it is investigating the theft and that it can fine Palomar Health up to $25,000 per patient whose data was accessed. There’s a $250,000 limit to the fine, however, per data breach.