A second CalOptima data breach has been announced just a few weeks after 1,000 members were informed that some of their protected health information had been exposed due to a printing error. CalOptima spokeswoman Bridget Kelly confirmed to the Orange County Register that the latest CalOptima data breach has impacted approximately 7% of CalOptima members – around 56,000 individuals.
CalOptima, a public agency created to manage the Medi-Cal program in Orange County, CA,, notified affected members of a breach of sensitive data on October 14. Two months ago, a departing employee was discovered to have downloaded a range of sensitive data to a thumb drive prior to leaving employment at CalOptima. The data were copied onto a thumb drive, which has since been recovered.
The CalOptima data breach was identified quickly and swift action was taken to recover the stolen data. In her statement, Kelly said the former employee had the thumb drive for a period of four days between August 14 and August 17, 2016. Upon discovery of the breach, an investigation was launched and the former employee was contacted. The thumb drive was returned within two days.
CalOptima is still checking the device to determine exactly what information was copied. CalOptima has informed the California attorney general that the stolen data included members’ names, health insurance information, and demographic data. Some members Social Security numbers may also have been copied onto the thumb drive.
CalOptima has received assurances that the data have not been shared with any other individual, although that could not be entirely ruled out. The decision has therefore been taken to offer credit monitoring services to all affected members for a period of one year without charge. Members have also been advised to monitor their credit for any sign of fraudulent activity.
The investigation into the incident is ongoing but CalOptima has already implemented additional safeguards to better protect members’ data in the future.