Department of State Hospitals Reports Data Breach by Employee

The worker went “directly into the server” and copied patients’ and employees’ records, including COVID-19 test results, for an unknown purpose. The employee is on administrative leave.

A state employee improperly accessed the records of more than 2,000 Atascadero State Hospital patients and employees in a data breach identified in late February, the Department of State Hospitals (DSH) said.

The breach occurred when the DSH employee accessed names, COVID-19 test results and health information necessary for tracking coronavirus for 1,415 Atascadero patients and former patients and 617 employees, a DSH news release said. The employee had access to Atascadero data servers through their IT job duties.

The employee had been improperly accessing the information for about 10 months before the department found out about the data breach, according to an FAQ about the incident.

“It appears that the employee used the access they were provided in order to perform their normal job duties to go directly into the server, copy files containing patient, former patient, and employee names, COVID-19 test results, and related health information without any apparent connection to their job duties, indicating a high probability of unauthorized access,” the FAQ said.

DSH identified the breach on Feb. 25 as part of an annual review of employee access to data folders, the release said. The agency is investigating the improper access, and the employee is on administrative leave. It was unclear why the employee accessed the information, the FAQ said.

The California Highway Patrol is helping DSH with the data breach investigation. DSH has not found any evidence that the employee has made use of the information accessed in the breach.

DSH is notifying patients, former patients and employees affected by the breach. The agency has reported the breach to the U.S. Department of Health and Human Services, the Office of Civil Rights, the California Office of Information Security, the California Office of Health Information Integrity, the CHP, the California Department of Public Health and the California Attorney General’s Office.

(c)2021 The Tribune (San Luis Obispo). Distributed by Tribune Content Agency, LLC.