Kindred Healthcare Inc. (Kindred Transitional Care And Rehablitation) reported a burglary of their Sellersburg, Indiana facility on June 1. The theft of patient data affected 1,504, according to their report to HHS. The burglary appears to the second burglary experienced by Kindred this year.
A July 25 Notice on their web site explains:
Sometime between June 1, 2012, and June 4, 2012, there was a break in at Kindred Transitional Care and Rehabilitation-Sellersburg’s business office. No one was hurt during the incident and patient care was not affected. On June 4, 2012, Kindred discovered that a safe was missing. Kindred contacted the police department on June 4, and an investigation was conducted by the police department. To date, the safe has not been located.
Inside the safe were tapes used by Kindred to back up files containing data relating to past, present and prospective patients at several Kindred facilities. Some of the information on the tapes included diagnosis and social security numbers. The tapes also included other clinical and financial information such as address, date of birth, insurance number, dates that services were received from Kindred, discharge location, activities of daily living, collections letters, medications received, and bank account information. Most of the individuals whose information was included were admitted between 2009 and 2012.
The tapes require specialized equipment and software to view the information contained on them, and Kindred has no reason to believe the information has been or will be accessed by any unauthorized person. Although there is no reason to believe that the information has been or will be used for any illegal or unauthorized purpose, out of an abundance of caution, Kindred provided notice to affected individuals in accordance with state and federal law. At this time, Kindred has no evidence that personal information has been misused.
[…]
It was while digging into that breach I found there had been a prior burglary reported by Kindred for another one of their locations. That breach notice is no longer available on their site, but I was able to retrieve it via cache:
APRIL 16, 2012
Kindred Transitional Care and Rehabilitation-Highgate (Kindred) takes the privacy of health information seriously. On the evening of January 26, 2012, there was a break in of the main office at Highgate. Kindred immediately contacted authorities, and an investigation was conducted. On January 27, 2012, we discovered that a safe was missing from the main office area of the facility. Inside the safe were the backup tapes used by Kindred to back up files maintained at the facility. The backup tapes were not encrypted, but the tapes require specialized equipment and software to be able to view the information contained on them. Kindred conducted a thorough review of the contents of the backup tapes. The information on the tapes included patient names, dates of birth, gender, diagnoses and progress notes. The information did not include any social security numbers or other financial information.
We do not believe the safe was stolen for the backup tapes, nor do we believe the tapes have been accessed. Kindred is currently reviewing our procedures for storing backup tapes to see if other safeguarding measures are appropriate.
We have been unable to notify some individuals who were affected by this theft. If you believe your protected health information may be affected, please contact Kindred toll-free at 800-545-0749 for more information.
The Highgate burglary has not been listed on HHS’s breach too.
Two office burglaries within a six-month period, at two locations? Curious.