DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

California Pacific Medical Center discovers employee was improperly accessing patient records for one year

Posted on January 25, 2015 by Dissent

The following press release from California Pacific Medical Center, a Sutter Health facility, was submitted to the California Attorney General’s web site today. A copy of the notice, dated January 23, 2015, is also posted on CPMC’s web site:

Audit finds employee access to patient files without apparent business or treatment purpose

California Pacific Medical Center (CPMC) recently notified 844 patients of its discovery that a pharmacist employee may have accessed their records without a business or treatment purpose.

CPMC first learned of the incident through a proactive audit of its electronic medical record system on October 10, 2014. The initial audit resulted in identification and notification of 14 individuals on October 21, 2014. Following its policy, CPMC terminated its relationship with the employee and broadened the investigation

The expanded investigation identified a total of 844 patients whose records the employee may have accessed without an apparent business or treatment purpose. It is unclear whether all of these records were accessed inappropriately but, out of an abundance of caution, CPMC notified all of these patients.

CPMC has determined that between October 2013 and October 2014, the employee accessed the following types of information without an apparent valid purpose: patient demographics, last four digits of social security number, clinical information including diagnosis and clinical notes, and prescription information. The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

For questions, individuals may contact the Chief Privacy Officer for Sutter Health at 855?771? 4220 Monday – Friday from 8am to 5pm.

Category: Uncategorized

Post navigation

← Hacker Steals 20 Million Passwords From Unidentified Dating Site (Updated to identify site)
NHS information centre forced to write to potentially 'millions' of patients after care.data error →

3 thoughts on “California Pacific Medical Center discovers employee was improperly accessing patient records for one year”

  1. Anonymous says:
    January 26, 2015 at 10:22 pm

    CPMC takes patient privacy very seriously, yet as a large enterprise we are not able to deploy off the shelf software to detect inappropriate access patterns.

  2. Anonymous says:
    January 27, 2015 at 1:17 am

    Where can we find more information on what caused the employee to view these records? What were they looking for? How did CPMC become aware of this situation to initiate and investigation.

    1. Anonymous says:
      January 27, 2015 at 7:52 am

      They said their audit uncovered a problem that they then investigated.

      They may never tell us more about the employee’s motives because it sounds like they just terminated the employee and didn’t necessarily report this to police.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.