Nevro Corporation in California provides what they call HF10 therapy devices for patients coping with chronic pain. After several laptops with patient data were stolen during an office burglary, they had to notify patients that their information was on the unencrypted devices: name, street address, birth date, procedure date, medical device identifiers (such as serial number), and contact information for the patient’s physician or other medical provider.
The number of patients impacted by the theft was not disclosed in the notification letter. Nor was the date of the office burglary. Nevro emphasized, however, that none of the stolen laptops contained, sensitive identifying information, credit card or financial institution information, or treatment or medical information other than the information directly related to the fact of the use of the device.