Uncategorized

Letter – Currently/Formerly Incarcerated – HIPAA/TABE

NOTICE OF DATA BREACH

Reference Number 22-01

We are contacting you because of a recent problem with a computer system.  It may have involved access to information about you.  We do not know if anyone looked at or copied your information, but we want you to know that this happened.

What Happened

This was a computer system that allows the California Department of Corrections and Rehabilitation (CDCR) to share data with certain people outside CDCR. Each set of information is protected with a specific password. Those allowed to get your information must have that password.   

In January 2022 during routine maintenance, CDCR discovered some suspicious activity on that system dating back to December 2021. CDCR immediately shut down that system.  CDCR then began a multi-agency investigation into whether an unauthorized user had looked at or copied any of the information on the system before it was shut off.  In late June, that investigation revealed someone without permission did get into the system.  Fortunately, there was no sign that anyone copied your information.   

Even though it appears no one copied your information, it is possible that someone may have looked at your information while in the system.  Because of this CDCR must let you know this happened.  We are doing this so you can do what you need to do to protect your information.

What Information Was Involved

The information was limited to your name, CDCR number, mental health treatment, mental health history, and mental health diagnosis and did not contain any other information, such as Social Security number, Driver’s License number, or financial account numbers which could be used by an identity thief. But we felt we had to let you know because your medical information was involved.

What We Are Doing

We take this matter very seriously and regret that this happened. We want to assure you that we have changed our procedures and practices to limit the risk this will happen again.  That computer system is no longer being used.  CDCR is using a new system with more security controls.

What You Can Do

Keep a copy of this notice for your records in case of future problems with your medical records.

Other Important Information

For further information on how to protect yourself, please refer to the enclosure “Breach Help –Consumer Tips from the California Attorney General.”

For More Information

For information about privacy protection steps and your medical privacy rights,you may visit the website of the California Department of Justice, Privacy Enforcement and Protection at www.oag.ca.gov/privacy.

Agency Contact

If you have additional questions about this incident, please call toll free 1-888-661-2467 and reference incident number 22-01. You will not be charged for calling this number from phones in your housing unit.  You may also send a letter to:

California Department of Corrections and Rehabilitation

Office of Legal Affairs

Attention: Privacy Office

PO Box 942883

Sacramento, CA 94283-0001

Sincerely,

KATHLEEN ALLISON

Secretary