For the second time in just over six months, California public health officials late Friday acknowledged a major breach of sensitive health and personal information from within their own agency, this time affecting 9,000 current and former state employees.
The information "was improperly copied to a private hard drive and removed from state offices," said Ron Chapman, MD, director of the California Department of Public Health. There is, as yet, no indication that the information has been misused or further disclosed, he said.
The agency said the state's security detection system noticed "unusual activity" on April 5, and prompted CDPH to investigate. The agency "discovered the unauthorized removal of information from state premises by an employee" who is currently on administrative leave until the investigation is complete, according to an agency press release sent out on Friday.
"We regret that the personal information of our employees was compromised," said Chapman. "We take the breach of any secure documents very seriously and are committed to taking steps to minimize any impact of this action and further strengthen our security policy."
Asked why the breach took three months to announce, CDPH spokesman Al Lundeen said in a telephone interview Friday that the incident required a lengthy investigation and during that time, the employee involved was barred from having access to sensitive information. The data that was copied was related to Human Resources records and some of it contained information dealing with workmen's compensation claims.
"This was not accidental. It appears to be an intentional act by one individual," said Lundeen, who added that state officials are now working with police on the matter.
Last December the same agency was forced to announce that a magnetic tape containing sensitive personal and medical information for up to 2,550 residents and employees of 600 Southern California skilled nursing facilities had gone missing in the mail.