ELK GROVE, CA – On July 5, 2022, following an investigation, California Correctional Health Care Services (CCHCS) sent out approximately 900 notification letters for a privacy incident involving
personal health information that occurred on May 26, 2022.

Five CCHCS employees were emailed a report that included personal health information of more than 500 individuals they were either not authorized to view, or would not normally receive as a regular part of their jobs. This information includes the individual’s first and last name, COVID-19 testing results dates, vaccine status, booster dates, and their religious accommodation status if one was requested.

The incident was reported immediately and fully investigated. CCHCS has taken necessary steps to limit further disclosure, such as initiating a recall of the email, instructing recipient to not further disclose the information, and coordinating the Information Security Office to completely purge the emails. The staff responsible for the breach are also required to take mandatory security and privacy mitigation training, as necessary.

CCHCS takes all security incidents seriously. Out of an abundance of caution, CCHCS sent notifications to all affected staff with information about the incident as well as links to resources to establish fraud alerts and documentation for understanding privacy rights.

For non-media inquiries, please contact:
CCHCS Privacy Office
(877) 974-4722 or write to:
California Correctional Health Care Services
P.O. 588500, Suite D-3
Elk Grove, CA 95758-8500