The California Department of Corrections and Rehabilitation (CDCR) stated that it has discovered a potential data breach, which has exposed information on staff, visitors, and those incarcerated or previously incarcerated dating back to 2008.
Some of the potential information that was leaked includes mental health information of those incarcerated as well as staff that have been tested for COVID-19. The information accessed violated many HIPAA laws put in place to protect private health information.
According to the press release, the information was accessed through a file transfer system that was used to process health information.
“The exact date is not known, but in January 2022, CDCR discovered some suspicious activity in a file transfer system dating back to December 2021. CDCR IT staff took immediate action, suspending the affected system. The department also notified authorities, and began a multi-agency investigation,” stated the press release.
Much of the information that was accessed is believed to not have been copied by those who had accessed the information. Currently, the CDCR is unaware of the those responsible for the breach and is continuing working with other agencies to find the suspects.
CDCR is asking those who could potentially be impacted by this breach to conduct inquiries into their personal credit scores as well as contact the CDCR for those who can confirm that their information has been breached.