The Fairfax County Health Department in Virginia is sending notification letters to roughly 1,500 individuals after Bailey's Health Center – one of the county's health care clinics – inadvertently left private pharmaceutical records on an unsecured computer server.

How many victims? 1,499.

What type of personal information? Names, addresses, pharmacy identification numbers, medication names and dosages, description of medication National Drug Code, payment information, prescriber's names and addresses, and Social Security numbers.

What happened? A computer file containing the pharmaceutical records was inadvertently left on an unsecured computer server. The information was accessed by three different entities on four occasions.

What was the response? All compromised files were moved to a secured server within a few days. Affected individuals are being notified of the incident by mail and are being offered a free year of credit monitoring services. The Fairfax County Health Department is reviewing its contract language and requirements related to handling pharmaceutical records. The department is implementing extra steps to protect patient records, including reviewing existing databases to confirm all patient data is encrypted.

Details: The patient information was left on the computer server and accessed between Sept. 9 and Oct. 3. The incident was discovered during a routine forensic audit on Oct. 4. Compromised files were moved to a secure server on Oct. 7. The Fairfax County Health Department was notified on Oct. 24. 

Source:, “Notification of Unauthorized Release of Personal Patient Information,” Dec. 13, 2013.