Share this article on:
White Blossom Care Center in San Jose, CA has started notifying approximately 800 of its residents that some of their protected health information has been inappropriately accessed and acquired by a former employee.
The care center was recently alerted to the potential data security incident and launched an investigation to determine whether a data breach had occurred. A third party technical security expert was brought in to assist with the investigation.
The investigation confirmed that data had been obtained by the former employee, although it was not possible to tell when data were accessed and acquired.
The types of information accessed and acquired by the former employee includes residents’ full names, along with insurance provider names and account numbers, dates of birth, Social Security numbers and medical information such as diagnoses, procedures performed and details of medications. White Blossom Care Center believes only a limited number of the acquired files contain the above information. Based on the information available, the care center believes that credit card/debit card information of other financial data were not accessed or acquired.
The incident has been reported to law enforcement and the care center is continuing to assist in the law enforcement investigation. Appropriate state and federal agencies have also been notified of the incident.
No evidence has been uncovered to suggest any of the information obtained by the former employee has been used inappropriately, but out of an abundance of caution, all affected residents have been offered identity theft protection services for a period of 12 months without charge.
The care center has advised all residents that safeguards had been introduced prior to this incident to prevent unauthorized access and keep personal information secure. However, the incident has prompted the care center to review its safeguards and improvements will be made as appropriate. Employee computer user accounts and passwords have also been reconfigured to further restrict access to sensitive information.