DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

California Department of Health Care Services notifies 29,808 of missing CD

Posted on July 14, 2010 by Dissent

On July 6, the California Department of Health Care Services (DHCS) issued the following press release:

The California Department of Health Care Services (DHCS) has reported to federal authorities that a missing compact disc (CD) delivered to the department may not have been encrypted by the sender, Care 1st Health Plan. The CD contains personal information, including names and addresses, for 29,808 Care 1st members.

Without proper encryption, which is required by DHCS of all its trading partners who share protected and personal information, the CD could possibly be accessed by unauthorized users. Care 1st cannot confirm that the CD was encrypted. Though DHCS believes the CD is still on its premises and there is no indication of inappropriate access, DHCS reported the incident to the U.S. Department of Health and Human Services as required by law.

DHCS and Care 1st consider the protection of confidential personal information a top priority. When the CD could not be located, DHCS immediately launched an investigation and conducted numerous exhaustive searches of the premises. DHCS then reiterated and reinforced its longstanding direction to Care 1st and all trading partners that all personal information must be transmitted or delivered to DHCS in an approved, secure format. Care 1st now submits the information using secure electronic transfer rather than CDs.

DHCS has taken extensive steps to eliminate the use of CDs to transmit personal information and to implement electronic transfers for such information. Nearly all transactions are now carried out via secure electronic transfers or, in limited cases, via encrypted CDs.

Care 1st delivered the CD to DHCS for the purpose of identifying Care 1st members who are also Medi-Cal beneficiaries. The members whose information is contained on the misplaced CD are mostly Medicare recipients. On April 29, when the information on the CD that was delivered on April 7 was scheduled to be processed, it was determined to be missing.

On June 18, Care 1st began sending individual notification letters to the members whose information was on the CD. The letters gave the members information on steps they may take to protect themselves from any possibility of identity theft. Care 1st also arranged for free credit monitoring services to be provided to the members for one year at no cost.

DHCS has been implementing numerous steps to protect information for more than two years. During this period, it has successfully converted all mainframe computer tapes and paper reports containing confidential data to a secured electronic transfer. This includes approximately 600 annual exchanges and more than 400 paper reports (approximately 1.7 million pages printed annually) containing thousands and, in some cases, millions of records of beneficiary data.

Since they are offering free credit monitoring services, there may be more than just medical info on the missing CD, but the press release doesn’t actually detail what kinds of information are involved other than names and addresses. If anyone received a notification letter, can you please upload it or describe the contents in terms of types of information involved.

No related posts.

Category: Government SectorHealth DataLost or MissingOf NoteSubcontractorU.S.

Post navigation

← SunBridge Healthcare notifies 3,830 residents of stolen laptop
(update) Conn. AG wants teachers board to explain lost data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • DOJ investigates ex-ransomware negotiator over extortion kickbacks

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.