This is one of the incidents for which we previously had no details.
Gene S. J. Liaw, M.D., a Washington physician, reported an incident involving a lost device to the U.S. Dept. of Health & Human Services and they summarized the incident this way:
An unencrypted USB drive used to store patient information could not be found in the office. The device contained data for 1,105 patients, including names, addresses, phone numbers, dates of birth, diagnosis codes, insurance information, and Social Security numbers. To prevent such a loss in the future, the entity replaced the missing drive with encryption-capable USB drives; put in place secure, locked storage facilities for its mobile devices; implemented policies preventing removal of such devices from the office; and provided individual notice to each of the affected patients.
The drive was noticed as missing on April 4, 2011.