Kelsey-Seybold Clinic has confirmed to this site that they recently notified patients of a data loss incident that has not been reported in the mainstream media.
According to a few sources that we could not confirm, the breach involved unencrypted patient data. The only statement the clinic would make in response to a request for additional information is that:
A laptop was misplaced or stolen from a Kelsey-Seybold Clinic employee during April 2009. We have found no evidence of any inappropriate use of this information and have notified our patients as a precaution. We have no reason to believe that any sensitive personal identification information has been accessed.
Comment:
So how many patients had data on the laptop? 5? 100? 100,000? More? What kinds of information were on the laptop? Was it lost or stolen from the clinic or from an off-premises location? Why were the data unencrypted, if they were? And how can the clinic say that they have no reason to believe any personal information has been accessed if they’re not even sure whether the laptop was stolen or lost?
If anyone has a copy of the notification letter from the clinic that they scan in, please send a copy to admin[at]phiprivacy.net