Additional data accessed during Atascadero State Hospital data breach
Data was improperly accessed, says ASH
–As part of its ongoing investigation of a data breach at Atascadero State Hospital that was identified on Feb. 25, the Department of State Hospitals (DSH) today announced the discovery of additional data that had been improperly accessed during the same data breach. The additional data consists of personal information including addresses, phone numbers, email addresses, social security numbers, date of birth, and health information related to employment, of approximately 1,735 employees and former employees, and 1,217 DSH job applicants who never became DSH employees.
The newly identified data was discovered during the investigation of the same employee who was found to have improperly accessed approximately 1,415 patient and former patient, and 617 employee names, COVID-19 test results, and health information necessary for tracking COVID-19. DSH is continuing its investigation of the data breach and has placed the principal subject of the investigation on administrative leave pending completion of the investigation.
The California Highway Patrol is assisting DSH in its investigation. At this time, DSH says there is no evidence that there has been any use or attempted use of the information compromised by this incident.
In accordance with federal and state privacy laws, this update to the initial report of a data breach was reported to the United States Health and Human Services, Office of Civil Rights, the California Office of Information Security, the California Office of Health Information Integrity, the California Highway Patrol, the California Department of Public Health, and the California Attorney General’s Office. Employees, former employees, and potential DSH job applicants affected by the breach are also being notified.