August 12, 1996
Dear Dr. Balis:
Security is investigating a possible violation of the security of the main server. This server holds all computer records related to personnel employed at SII. As a preliminary matter, we have reason to believe that the medical records of SII Personnel have been compromised, perhaps as long as five weeks ago. An audit trail revealed that the thief searched the medical records specifically for HIV testing. We are particularly concerned about the possibility of industrial espionage. SII's unique program of aggressive AIDS testing of its employees and active early treatment with the new drug therapies has generated a lot of controversy from the media and interest from our competitors. Since you are part of this program, we thought it important to notify you of this security breach.
Our servers are protected by a sophisticated firewall, preventing access from the outside. Therefore, we are confident that this break-in was accomplished by a person with access to SII's intranet.
We urge you to carefully check your medical records stored on the SII system. Because of the sensitivity of this matter, we also urge you to keep in confidence this security breach. Please let me know if you find anything unusual. We appreciate your cooperation.
Very truly yours,