On the late afternoon of Monday, July 25, 2016, my car window was broken out and my briefcase was stolen. In that briefcase was an external hard drive containing two different types of data. First, all office patient records were backed up on the drive, including social security numbers, driver's license numbers, phone numbers, dates of birth, physical and email addresses, and health insurance information. NO passwords or user names appear in these records. No complete credit card information or bank account information was stored on this drive (only the last four digits of the most recent card used are stored). As a result, your personal information is now potentially accessible to unauthorized individuals. However, the risk of accessibility is extremely low because the data in its format is unreadable. In consulting with my dental software experts, they assure me it would be incredibly difficult and unlikely for anyone to access your records. However, since the data is not encrypted, I am required by law to notify you. Secondly, pictures of patient cases (teeth only, no faces) that included patient first and last names and phone numbers were saved on the drive. These files of pictures are stored in JPEG format and can be opened easily.
Immediately upon discovery of the theft, I contacted local authorities and reported the theft and filed a police report. You may contact Detective Harris (badge #40215) at (310) 444-1580 and reference case number 1608-13548 if you have any questions.
At this point, in order to protect yourself from the risks associated with this breach, you may want to take the following steps:
I am truly sorry to have inconvenienced you, my patients, with this unfortunate event. This theft did not happen in the office. The thief did not break into a medical facility, but rather a car parked in a commercial structure and therefore was not targeting this kind of information. Again, after numerous consultations with the dental software company, I am convinced the risk of any unauthorized person being able to access the medical records information (which is listed above) is incredibly low as the software is HIPAA compliant. We have placed other safeguards with that company which require PIN and caller ID verification to prevent any access to this data by an unauthorized party. All data of patient records is in unreadable format; it cannot be opened without extreme effort, costly purchases, and expert guidance.
If you have further questions, please contact my office either by phone at (310) 820-7272 or by email at firstname.lastname@example.org.