ASH employee illicitly accessed social security numbers, birth dates

April 6, 2021


An information technology employee at Atascadero State Hospital, who improperly accessed health information belonging to more than 2,000 ASH patients and staffers, also accessed the social security numbers, email addresses and other personal information of nearly 3,000 individuals, many of whom merely applied for jobs at the facility.

Last month, the Department of State Hospitals (DSH) acknowledged the employee accessed health information, including coronavirus test results, belonging to approximately 1,415 current and former patients and 617 staffers. The hospital staffer who accessed the information had access to ASH’s data servers as part of his or her job duties.

The employee also improperly accessed personal information, including addresses, phone numbers, email addresses, social security numbers, dates of birth and health information, of approximately 1,735 current and former employees, as well as 1,217 job applicants who never ended up working for ASH, DSH said in a news release on Monday.

DSH officials discovered the data breach on Feb. 25 as part of the agency’s annual review of employee access to data folders. DSH is investigating the breach with assistance from the California Highway Patrol.

The staffer who accessed the personal and health data remains on administrative leave, pending the outcome of the investigation. Thus far, investigators have obtained no evidence indicating the employee used or attempted to use the information compromised in the data breach.

Inline Feedbacks
View all comments

Sadly, your privacy is for sale and the cost of protecting it has become big business. Why would that change now? This trend will continue until privacy won’t even be expected and we must comply with full exposure or no work and public benefits. Remember the lyrics: everything you think do or say will be in the pill you took today.

Sounds like another GOV employee to receive a pay raise and promotion to fluff up their retirement payout and then a healthy severance package to add some icing on the retirement celebration cake

It appears that California taxpayers and residents will be screwed again, but in a different way by a corrupt public union. They will most likely circle the wagons around this person to save one their own. There should be much more stringent guidance to who can access this information.

“Thus far, investigators have obtained no evidence indicating the employee used or attempted to use the information compromised in the data breach.”

Does that really matter? I thought this was a crime regardless of whether it is (or was) used or not. Sorry, “no harm no foul” doesn’t cut it.

Also, doesn’t the FBI check into cybercrime, not the California Highway Patrol???

The suspect will minimally be charged under California Penal Code 502 for unlawfully accessing the data. As for the FBI, they won’t get involved since this crime(s) doesn’t involve interstate commerce. The CHP has a premier cyber/computer forensics investigations unit. The lead CHP cyber investigator in this area has been certified at the state and federal levels to conduct these investigations.

AsH only annually reviews it data access to make sure there are no breaches?, seems wrong.