Dr. K. Min Yi of San Jose, Calif., recently began notifying 4,676 patients that their personal and health information may have been exposed when her office was broken into in May of 2013 and a desktop hard drive and external hard drive were stolen.
While the San Jose Police Department was notified of the burglary on May 28, 2013, nothing was recovered.
The stolen drives contained patients' names, addresses, phone numbers, birthdates, insurance information, medical history (including lab and radiology reports), and surgical information if surgery was performed. In some cases, Social Security numbers were also exposed.
"Please be assured that I have taken every step necessary to address the incident and I am taking this matter very seriously," Yi wrote in the notification letter [PDF]. "Upon discovery of the burglary, not only was the police department immediately contacted, but I have initiated an internal investigation and am in the process of developing a policy addressing this type of incident."
It's not clear from the notification letter why it took more than six months to notify affected patients.
While no credit protection services are being offered to those affected, all recipients of the notification letter are being advised to consider placing fraud alerts on their credit files.