The department on Feb. 25 discovered that an employee who had access to Atascadero (Calif.) State Hospital data servers as part of their IT job responsibilities had improperly viewed the private health information of about 1,415 patients and 617 employees. Patient and employee data exposed in the breach included names, COVID-19 test results and information needed for COVID-19 tracking.
The additional data involved in the breach belonged to about 1,735 current and former hospital employees as well as 1,217 hospital job applicants who never became employees, according to an April 5 news release. The former employee allegedly improperly accessed these individuals’ addresses, phone numbers, Social Security numbers, birth dates and health information related to employment.
The department discovered the breach as part of its annual review of employees’ data access rights and said it has placed the employee on administrative leave until it is finished with the investigation.
More articles on cybersecurity:
Former Trillium Health employee pleads guilty to stealing thousands of photos, private info from co-workers
Ransomware attack affects 750,000 Personal Touch patients, employees across U.S.
BioTel Heart vendor breach left patients’ information public for nearly a year
