Approximately 600 patients’ personal medical records were compromised in a breach at the Santa Barbara County Department of Wellness, in which it was discovered that a staff member “used their credentials to log into the electronic medical record system and viewed client information,” according to a statement from department spokesperson Suzanne Grimmesey.
“This breach was discovered as a result of the department proactively implementing a new security measure,” Grimmesey said Tuesday, “which immediately worked to call attention to this breach and will continue to serve this function going forward.”
The breach occurred on March 30, and resulted in the names, addresses, email addresses, telephone numbers, Social Security numbers, insurance information, medical record numbers and some medical information being compromised for nearly 600 clients. Grimmesey said all clients with compromised information have been notified, and an audit of the incident showed that no information was downloaded or printed.
Sign up for Indy Today to receive fresh news from Independent.com, in your inbox, every morning.
”We regret that this incident occurred,” said Toni Navarro, Director for the Department of Behavioral Wellness. “While an event like this should never have occurred, through this investigation, we have identified areas for strengthening our system and are making necessary improvements to avoid the likelihood of this occurring again.”
After discovering the employee responsible for the breach, the department announced that it had taken “all required and appropriate actions” and that further access to client records has been terminated. Department representatives provided no details regarding the employment status of the individual responsible.
“The department is unable to speak or comment with any specificity on personnel matters,” Grimmesey told the Independent.