The Miami Herald reports that U. of Miami is notifying 1,219 patients after a flash drive with unencrypted patient data was stolen from a pathologist’s car in November.
From the FAQ on the breach:
What Happened?
On November 24, 2011 a vehicle belonging to a Pathologist from the University of Miami Miller School of Medicine had its rear window broken and a briefcase containing an electronic storage device (a USB hard drive) stolen.
What Kind Of Information Was Included On The Lost Drive?
Information stored on the drive included limited data elements of certain patients who had specimens reviewed by the department of Pathology between 2005 and 2011. This information included name, medical record number, age, sex, diagnosis and treatment information. No financial information or social security numbers were stored on the stolen drive.
[…]
Why Was My Information Being Stored On The Drive?
The Pathologist involved kept a copy of limited aspects of some patient information on the stolen drive to facilitate data analysis and review while away from the office.
What Is The University Of Miami Doing About The Incident?
The incident was reported to local law enforcement for investigation. The University is notifying all individuals whose information was included on the stolen drive. However, it is important to note, at this time, there is no indication that the information has been misused in any fashion. It appears to be petty theft. The University continuously reviews its physical and electronic safeguards to ensure that personally identifiable information remains secure. The University currently encrypts portable laptop computers and will be examining further means to secure its data at rest. The University is also posting pertinent information to an incident website and establishing a toll free number (855-540-4773) for affected individuals to call for further information. As required, this issue will be reported to the US Department of Health and Human Services.
Is There Any Evidence That This Information Has Been Misused?
No, there is no evidence that this information has been misused.
How Do I Know Whether My Information Was On The Stolen Drive?
Only individuals whose information was stored on the stolen hard drive will receive a letter about this incident.
[…]
They also posted a copy of the letter sent to affected patients.