Geena Arevalo reports that Hampton Roads Community Health Center has disclosed that in December, it discovered that its server with (unencrypted) patient data had been compromised. The center did not disclose the number affected nor how the attack occurred (of course, they may not know that yet), but a notice posted on the center’s web site Friday about the incident informs the public that the files:
possibly contained: first name, last name, gender, date of birth, health plan(s), plan member identification number(s), and medical condition. In some cases, the files may have contained your address, social security number, credit card information or driver’s license number.
This incident has not (yet) appeared on HHS’s public breach tool.