Sacramento County officials on Thursday announced that a data breach earlier this year exposed the health information of more than 5,000 inmates receiving medical care while in jail.
The information of 5,372 Sacramento County Jail inmates was exposed on the Internet for about five months — from late January through early July — before the data was secured. County health officials were notified of the extent of the data breach three weeks ago.
CorrectCare Integrated Health Inc., a company contracted by the county, first learned on July 6 that there were two unsecured folders containing protected health information.
An investigation by CorrectCare revealed the folders had been exposed online from Jan. 22 through July 6, before additional testing of security folders on July 7 confirmed that the data breach had been remedied and that the files were secured, according to a news release from Sacramento County.
CorrectCare then hired a cyber forensics security firm to determine the nature and scope of the data breach and whether any patient information may have been exposed. On Oct. 25, CorrectCare informed Sacramento County Department of Health Services that a data breach had exposed the information of the more than 5,000 inmates who were County Correctional Health patients.
County officials said dark web searches done a week after the Oct. 25 notification found no data related to CorrectCare.
The patients whose information was exposed online will be mailed a notification of the data exposure, according to the county news release. The patients also will be offered one year of free credit monitoring, credit resolution and identity restoration services.
This data breach has been reported to the U.S. Department of Health and Human Services and California Department of Health Care Services.
©2022 The Sacramento Bee. Distributed by Tribune Content Agency, LLC.