The CDPH said that personal information on 9,000 employees was “improperly copied to a private hard drive and removed from state offices.” The data breach was discovered April 5 but the announcement was not made until June 24. The department explained that it conducted an investigation into the data breach and discovered that an employee had removed the information without authorization. It did not offer an explanation about why it took two and half months to complete the investigation.
In December last year, the CDPH admitted that an unencrypted magnetic tape containing sensitive personal and medical information on up to 2,550 facility residents, employees, and health care workers was lost in the mail.
The most recent data breach affects most current CDPH and California Department of Health Care Services employees, as well as 3,000 employees of the former Department of Health Services. The personal information included names and addresses, social security numbers, birth dates, next of kin names and addresses, and workers’ compensation documents.
The CDPH said it is offering credit monitoring services to the affected employees and is implementing additional information security safeguards to protect employee information. It is also conducting a review of its information security policies and procedures and will revise those policies and procedures as needed.