The New Haven Register reports:
A bag stolen from a car in September contained data from a local dentist office, but the business said Monday that patients’ privacy has not been compromised.
The bag contained personal items and back-up media cartridges from Soundental Associates P.C. that were being taken to an off-site storage location. It was stolen Sept. 24 from a Soundental Associates employee’s car, according to a press release from Bershtein, Volpe & McKeon P.C. attorneys.
The dental office immediately notified police, who said the cartridges were not the target of the theft and that the incident was part of a series of motor vehicle break-ins occurring in the city, according to the press release.
Patients were also notified in September. Bershtein, Volpe & McKeon, P.C. attorneys said a press release was issued about the incident to comply with laws about patient privacy.
The cartridges include patients’ names, addresses, treatment records, birthdays and, occasionally, Social Security numbers. The data was “scrambled” by software when it was originally backed up and can’t be accessed without access to certain hardware and software. Soundental’s technology consultant confirmed data could not be viewed or extracted without technological expertise and access to certain costly programs.
The incident “poses a low-risk of harm” to clients, the press release says. The office is working to prevent another such incident and has new “safeguards” to protect data, such as no longer storing data on physical equipment. The office’s employees also participate in certified HIPAA training programs.
Read more on the New Haven Register. I’ve been unable to locate a copy of the press release/substitute notice. Dollars to donuts, though, they didn’t offer any explanation as to why the patient data were left in an unattended vehicle.