The University of Virginia Medical Center has posted a notice of a breach:
The University of Virginia Medical Center and Continuum Home Infusion are committed to protecting the personal information entrusted to us by our patients and potential patients referred to us for care. Regrettably, this notice is regarding an incident involving some of that information.
On Oct. 5, 2012, we learned that an unencrypted handheld electronic device used by Continuum Home Infusion on-call pharmacists went missing sometime around that same date. We immediately began a thorough search for the device and an investigation to confirm what information was included on it. Even though we do not believe the device was stolen, we also filed a police report.
We determined that the device may have contained patient information, including patients’ names, addresses, diagnoses, medications and health insurance identification numbers that in some instances are Social Security numbers. The device did not contain any credit card or bank account information. Not all UVA Medical Center patients are affected, only certain Continuum Home Infusion patients. The patients affected include those who received services from Continuum Home Infusion during the month of September 2012 and potential patients who were referred to Continuum Home Infusion from August 2007 through September 2012.
We have been unable to locate the handheld device, but we have no reason to believe that the information on it has been accessed or used. However, out of an abundance of caution, we began notifying affected patients on Nov. 30, 2012. We have also established a dedicated call center for patients with questions that will open Monday, Dec. 3. If you believe you are affected but do not receive a letter by Dec. 21, 2012, please call 855.770.0003 Monday through Friday between 8 a.m.-5 p.m. Eastern and enter the reference code 8827111912 when prompted.
We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we have re-educated our staff regarding the importance of safeguarding protected health information and electronic devices containing protected health information.
Continuum Home Infusion is part of the UVA Health System, which maintains its own home health agency, Continuum Home Health Care (CHHC), to healthcare for patients who require care at home.
h/t, The Daily Progress, who have additional details on this incident.
Update: InTheCapital reports that it was a Palm device.