Here’s another medical data breach–and a second one from Kentucky recently, no less. Last week’s Rip involved Bowling Green, with a breach of 5,418. This week, we’re hearing about Our Lady of Peace, a psychiatric hospital.

Officials there are sending letters to 24,600 patients affected by the loss of a flash drive. The Courier-Journal reports, and thanks to Jake K for the tip.

According to the article:

Hospital officials ran a legal advertisement in The Courier-Journal on Thursday notifying the public of the problem. They said the drive contained the following information on patients admitted since 2002: patient names, room numbers, insurance company names and admission and discharge dates. It didn’t include diagnoses or treatments, Social Security numbers, dates of birth, telephone numbers or addresses for these patients.

The drive also included the following information on patients assessed since 2009 but never admitted: name, date of assessment, date of birth and the time they left the hospital. For these patients, the information on the drive didn’t include diagnoses or treatments, Social Security numbers, telephone numbers, addresses or insurance information.

The hospital is also reportedly taking steps to increase their security, such as deploying encryption.