I already had my data stolen from the Office of Personnel. Now I have to watch my credit reports like a hawk. They did provide a protection service, but it would be better not to have the data stolen. Any private healthcare organization must have secure websites to comply with HIPAA. Is the federal government exempting itself from THAT law, too?