CalOptima discloses second HIPAA breach in as many months

For the second time in as many months, CalOptima is reporting a breach (see last month’s disclosure, here).

According to a statement uploaded to the California Attorney General’s web site:

On or about August 17, 2016, a departing CalOptima employee downloaded data, which included protected health information, to an unencrypted USB flash drive. Shortly after, the departing employee returned the USB flash drive to CalOptima. While we are still investigating the contents of the flash drive, we do not believe the information was shared.

What information was involved?

The information on the flash drive may have included your name and other demographic information, and other health plan-related information. Please note that no other information such as social security number, Driver License number, or financial account numbers were included.

Note that for some, SSN was involved, as CalOptima wrote to parents of minor children in a different letter:

The information on the flash drive may have included your child’s name and other demographic information, your child’s social security number, and other health plan-related information.

SSN were also involved for some adults.

According to the Orange County Register, about 56,000 patients were notified.

About the author: Dissent