HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Sunbury Plaza Dental Discovers Theft of Patient Files

Thieves have broken into a storage facility used by Sunbury Plaza Dental of Westerville, Ohio and have stolen files containing patients’ full names, along with addresses, dates of birth, and Social Security numbers.

Break-ins at storage facilities are not uncommon; however, it is relatively rare for paper files to be taken by thieves. In this case, some patients’ files were removed from the facility. Sunbury Plaza Dental believes the files were taken with intent to use patients’ data to commit identity theft and fraud.

The break-in occurred at some point between March 10 and March 20, 2016, although the theft was not discovered by Sunbury Plaza Dental until May 25, almost two months after the incident occurred. Local law enforcement officers were alerted to the theft and break-in and notified Sunbury Plaza Dental of the incident.

The majority of files in the storage unit were undisturbed, although some files had been removed, according to healthcare provider’s substitute HIPAA breach notice. All of the files have now been recovered from the thieves and patients’ files are all now secured; however, there is a risk that data may have already been used inappropriately.

Please see the HIPAA Journal Privacy Policy

In order to protect patients from financial harm, all affected individuals have been offered a year of identity monitoring services with Kroll. Patients are also protected by a $1 million identity theft policy. Should any patients suffer financial harm as a result of the incident or have their identities stolen, they will be given assistance to restore their identities.

The HIPAA breach has now been reported to the Department of Health and Human Services’ Office for Civil Rights and breach notification letters have been dispatched to all affected individuals. The OCR breach report indicates as many as 7,784 patients may have had their data stolen from the storage facility.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.