Kern County Mental Health Dept. self-reports data breach
From their notice posted yesterday on their web site:
This letter is to inform you of a recent security incident that occurred on 4/15/16 at the Kern County Mental Health Administration offices.
Our administration offices recently relocated. During the move, a report was inadvertently left behind in a vacated section of the building that had been under construction. Please note, the information in the report was limited to first and last name, our own internal medical record number, an internal service code and the associated unit where services were provided. This report did not contain any treatment information or any other information, such as Social Security number, Driver’s License number, or financial account numbers which could expose you to identity theft. Nonetheless, we felt it necessary to inform you that various contractors had been working in the building and would have had access to the report.
The report listed services (by code number only) provided by Kern County Mental Health, as well as mental health and substance use contract providers during the period of 9/1/06 – 9/30/06. All the pages of this report are accounted for, in the correct order, and no obvious indication that anyone viewed it, but because it was discovered in an area unattended by staff, we want to inform you of this potential breach. Again, the only beneficiaries affected were those who received services during this one month period of time (September 2006).
We regret that this incident occurred and want to assure you that we are reviewing and revising our procedures and practices to minimize the risk of recurrence.
Should you need any further information about this incident, please call the toll free PRIVACY AND COMPLIANCE HOTLINE at (888) 875-5559.