ASH employee illicitly accessed social security numbers during data breach



An information technology employee at Atascadero State Hospital, who improperly accessed health information belonging to more than 2,000 ASH patients and staffers, also accessed the social security numbers, email addresses and other personal information of nearly 3,000 individuals, many of whom merely applied for jobs at the facility. 

Last month, the Department of State Hospitals (DSH) acknowledged the employee accessed health information, including coronavirus test results, belonging to approximately 1,415 current and former patients and 617 staffers. The hospital staffer who accessed the information had access to ASH’s data servers as part of his or her job duties. 

The employee also improperly accessed personal information, including addresses, phone numbers, email addresses, social security numbers, dates of birth and health information, of approximately 1,735 current and former employees, as well as 1,217 job applicants who never ended up working for ASH, DSH said in a news release on Monday. 

DSH officials discovered the data breach on Feb. 25 as part of the agency’s annual review of employee access to data folders. DSH is investigating the breach with assistance from the California Highway Patrol.

The staffer who accessed the personal and health data remains on administrative leave, pending the outcome of the investigation. Thus far, investigators have obtained no evidence indicating the employee used or attempted to use the information compromised in the data breach.