HealthcareCISO

The Department of State Hospitals (DSH) in California has discovered an employee accessed the protected health information (PHI) of 1,415 current/former patients and 617 employees without authorization.

The individual had an Information Technology role and had access to data servers containing sensitive patient and employee information in order to complete work duties. The improper access was discovered by DSH on February 25, 2021 during a routine annual review of access to data folders.

An investigation was immediately launched which revealed the employee had been accessing data without authorization for around 10 months. Files containing names, COVID-19 test results, and other health information necessary for tracking COVID-19 were copied directly from the server. The investigation into the privacy breach is ongoing and the employee has been placed on administrative leave pending completion of the investigation. So far, the investigation has not...