I am never happy when a breach notification letter tells you there’s been an “incident,” but they don’t actually tell you what the incident was.
Today’s example: a breach notification from Stanislaus Surgical Hospital in Modesto, California. It might have been a hack from their description, but then again, could it be that someone stole patient records? Will patients understand what happened that involved their name, address, account number, Social Security number, and “other identifying information” so that they can assess their risk? And was it even patients or are they notifying employees?
Read the template notification letter and see what you think. Maybe someone (else) will call them and find out what happened there on April 5th. I’m taking a break from notifications and inquiries. 🙂