Possible PHI Compromise Might Have Affected 582,000 Patients of California Dept. of Developmental Services

April 26, 2018


582,174 patients of the California Department of Developmental Services (DDS) are getting in touch with customers to inform them that their protected health information has probably been undermined.

Last February 11, 2018, a few people broke into the DDS legal and audits offices in Sacramento, CA. After they broke in, the thieves possibly had access to the confidential information of about 15,000 workers, service providers, job candidates, and parents of juveniles who are cured by DDS facilities. The burglars also got away 12 government computers.

It’s not yet clear if the culprits were interested in paper files and all computers robbed by the thieves were encrypted therefore data access was impossible. DDS has accepted that none of the office computers were utilized to access the department’s network and electronic protected health information continued safe at all times.

In the substitute breach notification publicized, DDS made reference to the point that its offices were damaged and a fire was placed, which activated the sprinkler system inflicting damage to CDs and documents.

The way of the destruction and the damage caused by the fire and sprayer system has made it impossible to conclude with 100% confidence whether any information was taken away from the offices or if PHI has been undermined.

If PHI was seen or thieved it would have been limited to names, units billed, service dates, service codes, unique state-issued client identifier details, medical records, and amounts paid for facilities.

Law enforcement organizations have been made conscious of the occurrence and the robbery has been reviewed but the culprits have not been found.

Although it’s not supposed that the burglars gained access to the protected health information of patients, notices have been sent to impacted persons out of an abundance of caution and the occurrence has been reported to the Division of Health and Human Services’ Office for Civil Rights (OCR).

The HIPAA safety breach is the most recent to be presented to the OCR in 2018, exceeding the 279,865-record breach at Oklahoma State University Center for Health Sciences that was presented in January and the 134,512-record violation at St. Peter’s Surgery & Endoscopy Center, informed in February 2018.