A periodontist from Germantown, Maryland has notified HHS of a security breach that affected 1,000 patients.
A web site about the breach, created by ID Experts, describes the incident:
On October 14, 2010, when the computer system of the dental Practice of Gary C. Spinks, DMD, PC, shut down, the Practice learned that a hacker had unlawfully and secretly hacked the computer system and server of the Practice.
Personal health information, including patient names, addresses, health and dental insurance member numbers, Social Security numbers, dates of birth, dental care records, and dental x-rays may have been accessed.
The breach support web site appears to have been registered on December 9, and the incident was reported to HHS on or about January 4, 2011, more than 60 days after the breach was discovered.
I note that the FAQ does not indicate when the compromise occurred – only that it was discovered on October 14. TheHHS log indicates that the breach occurred on or about September 29th.
The FAQ indicates that there had been no evidence of misuse of the data at the time the FAQ was posted, but of course, data is not always misused immediately. Patients were offered free credit monitoring services.