More than 5,500 patients of Virginia-based NOVA Chiropractic & Rehab Center of Sterling may have had personal information – including Social Security numbers – compromised after an unencrypted thumb drive containing the data was possibly thrown away.

How many victims? 5,534, according to 

What type of personal information? Names, addresses, health records, and, in some cases, Social Security numbers, dates of birth, diagnoses, insurance claim forms, and payment information, including expired credit card data.

What happened? An unencrypted thumb drive that contained the data was misfiled and put into regular office circulation, inadvertently wiped clean, or possibly thrown away.

What was the response? NOVA is interviewing involved individuals and taking inventory of electronic devices as part of an ongoing investigation. NOVA is improving security by only using encrypted and password protected devices. NOVA has issued a notification that is posted to the website, and is offering a free examination, regular office visit, or therapy session to impacted individuals or their family members.

Details: NOVA learned of the incident on Jan. 30. The unencrypted drive was used to transfer older electronic files.

Quote: “Please rest assured that your health information is intact and our office still has your important records,” John Ratcliffe, clinic director with NOVA, wrote in the notification posted online. “The likelihood that there indeed was a breach of information is extremely low.”

Source:, “Important HIPAA notice,” March 25, 2014.