Health Agency Announces Data Breach Affecting 9,000 People

On Friday, the California Department of Public Health reported a security breach that could have exposed the health and personal data of about 9,000 current and former state employees, HealthLeaders Media reports.

Previous Incident

The breach is CDPH's second security incident in less than a year. In December 2010, CDPH announced a breach affecting about 2,550 residents and employees of skilled nursing facilities in Southern California.

In that instance, CDPH's West Covina office sent a magnetic tape containing sensitive data through the U.S. Postal Service instead of through a private courier. The magnetic tape never arrived at its destination.

Latest Breach

According to CDPH, officials started investigating the latest breach after the state's security detection system identified "unusual activity" on April 5. DPH found that there had been "unauthorized removal of information from state premises by an employee."

Ron Chapman, director of CDPH, said the sensitive information "was improperly copied to a private hard drive and removed from state offices" (Clark, HealthLeaders Media, 6/27).

Some of the personal information copied to the hard drive included:

• Names;
• Addresses;
• Birth dates;
• Social Security numbers; and
• Workers' compensation data.

When asked why CDPH took nearly three months to report the data breach, agency spokesperson Al Lundeen said the incident required a thorough investigation.

Follow-Up Action

The employee who allegedly copied the data has been placed on administrative leave pending completion of the investigation (Perkes, Orange County Register, 6/24).

Lundeen said that CDPH "will undertake some internal safeguards and see what we can do about putting policies or practices in place to prevent such incidents again."

Meanwhile, the agency said it will offer credit-monitoring services and a no-cost telephone hotline to affected current and former employees (HealthLeaders Media, 6/27).