In August of 2012, Sierra was informed of a potential data breach of its electronic records. The data breach occurred between August 11, 2011 - September 23, 2011 by a former employee looking for information on commissions she was owed by getting documents she had previously prepared. The employee's post-employment network access was not fully discovered until August 2012.
The terminated employee may have viewed or printed a copy of patients' surgery estimates, which do include name and birth date. In rare instances the employee also accessed the name of an insurer, a prescription, surgery notes, a payment balance, and, in less than 50 instances, sensitive payment information including a SSN#, payment information, or personal contact information.
Sierra contacted the former employee, as well as her attorney, explained the situation, and has verified under penalty of perjury that she has returned all records and not kept any records.
Not all patients were affected. Sierra is sending individual letters to all individuals whose data was breached based on their last known address.
If someone was a patient of Sierra, and has any questions or concerns about whether his data was accessed, he/she may contact Sierra's hotline for this issue at (866) 979-2596.
Sierra says it has conducted a review of its data storage access and is assured that the data breach will not happen again in the future.