The records included patient names, addresses, birth dates, driver’s licenses, medical record numbers, and in some cases social security numbers, the hospital said in a statement. The data breach was discovered by the hospital around Dec. 19.
“After a thorough investigation it was determined that an employee, against LLUMC policy, had attempted to take, or did take work related information home. All of the original documentation related to this incident has been secured, and the employee responsible has been terminated”, the hospital said.
It was unclear from the statement whether the former employee misused the data, although the hospital is providing affected patients with data breach management services through TransUnion.
LLUMC notified the affected patients, as well as the San Bernardino County Sheriff’s Department and California Department of Public Health about the data breach.
The hospital is conducting an internal investigation to determine how the data breach happened and how it can be prevented in the future, a spokesperson told the Press-Enterprise newspaper.