Stolen computers contained patients’ SSN

I really wish OCR would list the types of information involved in the breaches they report on their site. In digging into one of their newly added reports, however, I found that the incident did include SSN:

Rockbridge Area Community Services
State: Virginia
Approx. # of Individuals Affected: 500
Date of Breach: 3/12/10
Type of Breach: Theft
Location of Breached Information: Laptop, Desktop Computer

RACS posted a copy of their notification letter to clients on their web site, here.  The letter indicates that computers stolen from a fire-damaged building contained unencrypted names, Social Security Numbers, and other confidential information.  RACS provides mental health, substance abuse, and prevention services.

But what about their other newly reported incidents that were not reported in the media or on the entities’ web sites? Anyone with additional information on breaches reported on OCR’s web site that have not been in the media, please forward the info to breaches[at]

About the author: Dissent

Comments are closed.