The University of Kentucky HealthCare has posted a public notice on its web site today:
The University of Kentucky is notifying 878 people regarding a breach of protected health information. On September 25, 2011, a phone was lost. The employee had access to electronic mail that may have included information about health conditions with medical record numbers and, in some cases, names. Neither social security number, date of birth, nor credit card, debit card or bank account number was exposed.
The University of Kentucky deeply regrets this incident and continues its commitment to safeguard the privacy of its patients. UK Healthcare has policies and procedures in place to protect patient information, and is currently undertaking additional steps to reinforce those measures. There is no evidence information was misused. The following steps are recommended by the Federal Trade commission to prevent any possible misuse of personal information.
[…]
Kentucky.com also covers the breach notice.
h/t, @FRSecure