From the ADA News:
An Indiana dentist has agreed to pay a $12,000 settlement for allegedly mishandling patient records and is the first person sued by the state for violating the Health Insurance Portability and Accountability Act.
The linked article has several very interesting features.
The dentist was sued and paid a settlement to the state, not the feds. HIPAA is a Federal standard but states are authorized to investigate and penalize people under the new rules.
The lost data was not digital but discarded paper files. Over 20% of reported data breaches are paper. Supposedly the dentist hired a company to dispose of the records and they ended up in a dumpster.
Despite the exposure no identity theft was identified or reported. This is the case in the vast majority of cases.
Finally the article notes the dentist had lost his license in 2011 following an investigation into fraudulent billing and negligence. Make of that what you will.