We mentioned on Monday that the state Department of Public Health has reported it suffered its second sensitive data breach in a year. That led us to ask, what has the department done to tighten its data security since last year?
The latest case involved someone copying files with names, addresses, Social Security numbers and other information on about 9,000 current and former employees onto a separate hard drive that was taken off state premises.
The first case happened last September when a Southern California field office mailed an unencripted computer tape. The opened envelope arrived at Sacramento HQ, but the tape containing sensitive information about 2,550 facility residents and employees, didn't.
There's been no known misuse of the information in either case.
We asked Public Health spokesman Al Lundeen what the department did after the tape was lost in the mail. Here's his e-mailed reply:
The following steps have been implemented resulting from the lost back-up tape:
1. CDPH Licensing and Certification back-up tapes are encrypted.
2. Licensing and Certification District/Field Offices' back-up tapes are shipped using a secured mail carrier.
3. Licensing and Certification continues to participate in researching the possibility of a system which would eliminate the use of magnetic tapes for back-up purposes and would allow for a remote back-up process.
4. The back-up process is conducted by or overseen by a member of the management team.
5. CDPH has developed and implemented policies and procedures to record any and all activities associated to the back-up process. These policies and procedures allows for stronger communication between the field offices and headquarters.