Breach, Data Security

Fate of unencrypted drive unknown, PHI of 5,500 in Virginia at risk

More than 5,500 patients of Virginia-based NOVA Chiropractic & Rehab Center of Sterling may have had personal information – including Social Security numbers – compromised after an unencrypted thumb drive containing the data was possibly thrown away.

How many victims? 5,534, according to 

What type of personal information? Names, addresses, health records, and, in some cases, Social Security numbers, dates of birth, diagnoses, insurance claim forms, and payment information, including expired credit card data.

What happened? An unencrypted thumb drive that contained the data was misfiled and put into regular office circulation, inadvertently wiped clean, or possibly thrown away.

What was the response? NOVA is interviewing involved individuals and taking inventory of electronic devices as part of an ongoing investigation. NOVA is improving security by only using encrypted and password protected devices. NOVA has issued a notification that is posted to the website, and is offering a free examination, regular office visit, or therapy session to impacted individuals or their family members.

Details: NOVA learned of the incident on Jan. 30. The unencrypted drive was used to transfer older electronic files.

Quote: “Please rest assured that your health information is intact and our office still has your important records,” John Ratcliffe, clinic director with NOVA, wrote in the notification posted online. “The likelihood that there indeed was a breach of information is extremely low.”

Source:, “Important HIPAA notice,” March 25, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.