Skip to content Skip to navigation

Laptop Theft May Have Exposed PHI of 400,000 Current or Former California Inmates

June 7, 2016
by Heather Landi
| Reprints

The theft of a non-encrypted laptop belonging to a staff member of California Correctional Health Care Services may have exposed the protected health information (PHI) of up to 400,000 patients who served time in California prisons during an 18-year period.

California Correctional Health Care Services (CCHCS), which provides medical services to approximately 128,000 inmates in 35 institutions in California, released a statement on May 16 reporting a potential breach of patient health information.

According to the statement, on April 25, following an investigation, CCHCS declared a potential breach of personally identifiable information (PII) and PHI that occurred on Feb. 25 when a staff member’s non-encrypted, password-protected laptop was stolen from their personal vehicle.

According to the statement, the laptop may be have contained PII and PHI for patients within the California Department of Corrections and Rehabilitation incarcerated between the years 1996 and 2014.

In the U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal, also known as the Wall of Shame, the incident was posted May 15 and indicates that the breach may have affected up to 400,000 individuals.

In the statement, CCHCS said it was notifying each individual whose unsecured PHI has been, or is reasonably believed to have been accessed, acquired, used or disclosed as a result of the breach.

“As we may not have current contact information for all persons potentially affected, we are taking additional steps of awareness including but not limited to a posting to our web site and notification to the media.”

“CCHCS is committed to protecting the personal information of our patients,” Joyce Hayhoe, director of communications and legislation, said in a statement. “Appropriate actions were immediately implemented and shall continue to occur. This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated.”

According to the breaches posted to the HHS OCR portal, the CCHCS incident, involving 400,000 individuals, ranks third among the largest breaches this year to date.

The largest breach reported this year so far is 21st Century Oncology, which reported a breach in March affecting 2.2 million people due to a hacking/IT incident on its network server. The second largest breach so far this year was reported by Radiology Regional Center, which affected 483,000 people, due to a loss of paper and films. Followed by the CCHCS breach, there also was Premier Healthcare, which reported an incident affecting 205,700 people due to a stolen laptop. And, the fifth largest breach so far was reported by Community Mercy Health Partners in Ohio, which reported an incident involving the improper disposal of paper/films potentially affecting 113,000 people.




Gates Foundation Awards $210M to UW's Population Health Initiative

The Bill and Melinda Gates Foundation is awarding $210 million to Seattle-based University of Washington’s Population Health Initiative, with the funds going toward the construction of a new building to serve as the initiative’s hub.

AHA Offers Interoperability Standards Recommendations to ONC

The American Hospital Association (AHA) has offered feedback to the ONC on the agency’s draft Interoperability Standards Advisory (ISA) that it issued in August.

Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.

FDA, Hospitals Work to Improve Data Collection about Medical Devices

The U.S. Food and Drug Administration is looking to improve the way it works with hospitals to modernize and streamline data collection, specifically safety data, about medical devices.

McKesson Unveils New Paragon Electronic Health Record Platform

McKesson Enterprise Information Solutions (EIS) announced the latest release of Paragon, its electronic health record (EHR) solution.