Data breach reported at Atascadero State Hospital
–The California Department of State Hospitals (DSH) today announced that a DSH employee with access to Atascadero State Hospital data servers as part of their information technology (IT) job duties improperly accessed approximately 1,415 patient and former patient, and 617 employee names, COVID-19 test results, and health information necessary for tracking COVID-19.
The breach was identified on Feb. 25, 2021, as part of DSH’s annual review of employees’ access rights to data folders pursuant to its information and systems access rights policy and procedure. DSH is investigating the breach and has placed the principal subject of the investigation on administrative leave pending completion of the investigation.
The California Highway Patrol is assisting DSH in its investigation. At this time, DSH has no evidence that there has been any use or attempted use of the information compromised by this incident.
In accordance with federal and state privacy laws, the breach was reported to the United States Health and Human Services, Office of Civil Rights, the California Office of Information Security, the California Office of Health Information Integrity, the California Highway Patrol, the California Department of Public Health, and the California Attorney General’s Office. The patients, former patients, and employees affected by the breach are also being notified.