Bay Area Pain Medical Associates in Sausalito, California has been notifying patients of breach it experienced on May 19, when their office was burglarized and three desktop computers were stolen.
To their credit, patient information on the computers was encrypted – except for one Excel spreadsheet, it seems. In their July 10th letter to those affected, they write:
We are notifying you of this incident because although all medical records were encrypted and inaccessible, we believe one Excel spreadsheet containing approximately 2,780 patient names, including yours, and years of service may have been available. Specifically, that document only contained a patient’s first and last name, and the years the patient was seen in our practice (for example, 2008 -2010) . Significantly and fortunately, no social security numbers, dates of birth, financial information, contact information nor medical conditions were listed.
Although this seems to be a very low-risk situations for patients, the practice offered them free services through AllClear ID.
Kudos to the practice for securing patient data and for then going the extra distance in mitigation offers.