Share this article on:
The California Department of Corrections and Rehabilitation has announced that an employee of the Division of Adult Institutions’ California Health Care Facility emailed a document containing patients’ names and Social Security numbers to an individual unauthorized to view the data.
The disclosure of patients’ data occurred on May 2, 2016 and was not believed to have been conducted with malicious intent. The email was simply sent to the wrong person.
To reduce the risk of similar incidents occurring in the future, the California Health Care Facility has revised its policies and procedures. The email has also been deleted from the email system, although it is possible that the data were viewed by at least one unauthorized individual.
All individuals affected by the privacy incident have been advised to place a fraud alert on their credit files and have been told to read the California Attorney General’s consumer tips for victims of privacy breaches and to take the appropriate steps they feel are necessary to mitigate risk.
The incident has not yet appeared on the Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal, so it is unclear exactly how many individuals have been affected by the latest privacy incident.
This is the second data breach to affect patients of the California Department of Corrections and Rehabilitation. In May, a data breach was reported that impacted 400,000 current and former prisoners. An unencrypted, but password-protected laptop computer was left in the vehicle of an employee of California Correctional Health Care Services. The laptop computer was stolen on February 24, 2016.