Napa Valley Dentistry notifies patients after theft of server from storage facility
A dental practice that purchased another dentist’s practice in 2012 finds itself having to notify their patients and his former patients after the theft of a server from a storage facility.
In a letter to their patients and those of Dr. Justin Quinn, Dr. Justin Newberry of Napa Valley Dentistry states that on August 11, they discovered that a password-protected server with patient information had been stolen at their secured storage unit. The gated storage facility was not named, and they do not indicate whether any other units were burgled at the same time or if this was likely to be a targeted theft. Dr. Newberry writes:
In December 2012, Dr. Justin Newberry, DDS, purchased Napa Valley Dentistry, including this server, from Dr. C. Michael Quinn, DDS. The server may therefore contain personal information of Dr. Quinn’s former patients who may not currently have a relationship with Napa Valley Dentistry. While there is no indication that your personal information was, in fact, accessed without authorization, we are notifying you out of an abundance of caution and offering you identity protection services.
The information reportedly included names, addresses, dates of birth, Social Security numbers and dental insurance information.
The total number of patients was not disclosed in the notification letter, a copy of which was submitted to the California Attorney General’s Office.
In response to the theft, and in addition to notifying patients and regulators, the practice has offered those affected credit monitoring services. Additionally, Dr. Newberry writes:
We have also terminated our relationship with the storage facility from which the theft occurred. We are also in the process of reviewing our information security practices with the goal of making it more difficult for a similar incident to occur in the future.
This is not the first burglary from a storage facility I’ve reported on this year. I shudder to think how many unencrypted devices with ePHI are sitting patiently in storage units, just waiting to be stolen.