DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

California Department of Corrections and Rehabilitation notifies staff, visitors, and incarcerated individuals of breach

Posted on August 23, 2022 by Dissent

The California Department of Corrections and Rehabilitation (CDCR) issued a breach notification this week. Because the notification mentions COVID-19 testing, at first, DataBreaches thought it was the incident CDCR had disclosed last month, but no, it turns out that that was a different incident.

The newly revealed breach affects staff, visitors, and others tested for COVID-19 by the state Department of Corrections and Rehabilitation between June 2020 and last January.

The breach was discovered in January 2022 and appears to have involved unauthorized access in December 2021 that potentially affected medical information on everyone who was tested for COVID-19 by the department from June 2020 through January 2022. It did not include COVID testing information for the incarcerated population.

The state indicates that the breach also potentially included mental health information for the incarcerated population in the Mental Health Services Delivery System going as far back as 2008.

CDCR has provided four different notification templates depending on which population was potentially affected and which types of personal or protected information:

  • Letter – Currently/Formerly Incarcerated – HIPAA/TABE
  • Letter – Currently/Formerly Incarcerated – SUDT HIPAA/TABE
  • Letter – Non-HIPAA
  • Letter – Staff/Stakeholders – EE HIPAA

For the incarcerated population in the Mental Health Service Delivery System, the information included their name, CDCR number, mental health treatment, mental health history, and mental health diagnosis. Additionally, information in the Trust, Restitution, Accounting, and Canteen System (TRACS) was also potentially involved. This information includes records of transactions made to and from trust accounts since 2008, as well as some trust account numbers.

Information about people on parole who are in substance use disorder treatment programs may have also been involved.

Some of the data included Social Security Numbers, driver’s license numbers, and trust account information. However, the investigation did not reveal any evidence this information was copied or downloaded.

No numbers for the different subgroups have been provided as yet publicly, but at least some of this will likely appear on HHS’s public breach tool.

No related posts.

Category: Breach IncidentsGovernment SectorHackHealth DataU.S.

Post navigation

← ‘I went to prison for the £77m TalkTalk hacking. I could be sent back for ordering a McDonalds’
MD: Onyx Technology alerts clients and patients of ransomware incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.