Rape & Brooks Orthodontics, P.C., a multi-office Alabama practice specializing in braces for children and adults, recently notified 20,744 patients that burglars had broken into their Centerpoint, Alabama office and stolen some equipment, including a server that held personal and protected health information on patients who had been seen over the last 30 years by Rape & Brooks Orthodontics, PC; Luther T. Cale & W. Gregory Rape, Orthodontics, PC; St. Clair Orthodontics, LLC and Luther T. Cale, DMD Orthodontics, PA.
According to a statement on their web site dated March 4, the theft was discovered on the morning of February 4. Information on the server included the names of patients and account holders (e.g., the parent) as well as their addresses and the minors’ date of birth. For those account holders who provided insurance information, their Social Security number and date of birth may also be part of this data. Social Security numbers of minor children were not stored on the server, but the orthodontists note that for those patients who had insurance under AllKids with Blue Cross & Blue Shield of Alabama, their SSN might be part of their insurance information.
Some credit card numbers were also stored on the server for a “small and select number of account holders.”
In addition to the server containing so much unencrypted personal information, several computers and external drives were taken contained facial and intraoral photographs of patients. The statement notes that “The license for the software necessary to view these photographs has been canceled, so these photos should no longer be accessible by anyone.”
The Jefferson County Sheriff’s Department was notified of the theft.
You can read their statement on their web site, replete with self-serving statements that might falsely reassure patients who should be taking steps to protect themselves. There is also a companion FAQ. The doctors do not offer their patients any free credit-monitoring or credit restoration services.