Laptop Theft May Have Exposed PHI of 400,000 Current or Former California Inmates | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Laptop Theft May Have Exposed PHI of 400,000 Current or Former California Inmates

June 7, 2016
by Heather Landi
| Reprints

The theft of a non-encrypted laptop belonging to a staff member of California Correctional Health Care Services may have exposed the protected health information (PHI) of up to 400,000 patients who served time in California prisons during an 18-year period.

California Correctional Health Care Services (CCHCS), which provides medical services to approximately 128,000 inmates in 35 institutions in California, released a statement on May 16 reporting a potential breach of patient health information.

According to the statement, on April 25, following an investigation, CCHCS declared a potential breach of personally identifiable information (PII) and PHI that occurred on Feb. 25 when a staff member’s non-encrypted, password-protected laptop was stolen from their personal vehicle.

According to the statement, the laptop may be have contained PII and PHI for patients within the California Department of Corrections and Rehabilitation incarcerated between the years 1996 and 2014.

In the U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal, also known as the Wall of Shame, the incident was posted May 15 and indicates that the breach may have affected up to 400,000 individuals.

In the statement, CCHCS said it was notifying each individual whose unsecured PHI has been, or is reasonably believed to have been accessed, acquired, used or disclosed as a result of the breach.

“As we may not have current contact information for all persons potentially affected, we are taking additional steps of awareness including but not limited to a posting to our web site and notification to the media.”

“CCHCS is committed to protecting the personal information of our patients,” Joyce Hayhoe, director of communications and legislation, said in a statement. “Appropriate actions were immediately implemented and shall continue to occur. This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated.”

According to the breaches posted to the HHS OCR portal, the CCHCS incident, involving 400,000 individuals, ranks third among the largest breaches this year to date.

The largest breach reported this year so far is 21st Century Oncology, which reported a breach in March affecting 2.2 million people due to a hacking/IT incident on its network server. The second largest breach so far this year was reported by Radiology Regional Center, which affected 483,000 people, due to a loss of paper and films. Followed by the CCHCS breach, there also was Premier Healthcare, which reported an incident affecting 205,700 people due to a stolen laptop. And, the fifth largest breach so far was reported by Community Mercy Health Partners in Ohio, which reported an incident involving the improper disposal of paper/films potentially affecting 113,000 people.


Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.

In GAO Report, More Concern over VA VistA Modernization Project

A recent Government Accountability Office (GAO) report is calling into question the more than $1 billion that has been spent to modernize the Department of Veterans Affairs' (VA) health IT system.

Lawmakers Introduce Legislation Aimed at Improving Medicare ACO Program

U.S. Representatives Peter Welch (D-VT) and Rep. Diane Black (R-TN) have introduced H.R. 4580, the ACO Improvement Act of 2017 that makes changes to the Medicare accountable care organization (ACO) program.