Breach Hits an Orthodontics PracticeNearly 21,000 Affected by Stolen Server
Rape & Brooks Orthodontics of Birmingham, Ala., reported to the Department of Health and Human Services' Office for Civil Rights that 20,744 individuals were affected by a breach involving the theft of an unencrypted server.
On Feb. 4, the practice's office in Center Point was broken into and equipment was stolen, according to a statement on the practice's website. The server included information on patients treated during the past 30 years at various locations. The information included the names and addresses of patients and parents and dates of birth of minors. Social Security numbers of some parents also were included, along with a limited number of credit card numbers, the practice reported.
The orthodontics practice is cooperating with local police on the investigation. Although it did not offer patients free credit monitoring services, it encouraged patients to check their credit reports and create a fraud alert on their credit files.
The OCR's list of breaches affecting 500 or more individuals now includes 272 cases affecting nearly 10.9 million individuals. The list includes incidents dating back to September 2009, when the HITECH Act's interim final breach notification rule went into effect.