Valdosta State University in GA had a security breach on one of their servers.
The grades and SSN’s of 170,000 students was taken.
While the IT director says:
An initial investigation has found no evidence that any personal data was accessed or transferred…
An additional new release states:
unauthorized access to a computer server including student and faculty social security numbers and grades. The breached server contained employee and student information
Your organization may not have that many patients, but even if you have to report that the personal info of 50 patients was stolen, how would that look to your practice?
What is your computer policy & process for reacting to suspected or actual security breaches of your computers?