Hillsides, a child welfare agency in Pasadena, Calif., has reported a data breach after discovering an employee had sent internal files with personally identifiable information and protected health information of 502 clients and 468 employees to a personal email address.
The employee sent unencrypted files to a personal email address five times between Oct. 10, 2014 and Oct. 19, 2015. Employee information in the files includes names, Social Security numbers, home addresses and phone numbers. Client information includes names, birthdates, genders, medical identification numbers, therapist names and rehabilitative therapist names.
Hillsides fired the employee, but has been unable to recover the data files from the personal email account. The agency has no evidence any personal information was disclosed or misused at this time.
"We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us," said Hillsides CEO Joseph M. Costa. "We will continue to investigate the incident, to reduce harm to potentially affected individuals and to protect against future similar occurrences."
More articles on data breaches:
Boston Medical Center could face lawsuit for patient data breach
ProPublica launches HIPAA Helper database to search breaches by providers
Stolen laptop prompts breach notification at Texas rehabilitation hospital