ELK GROVE, CA – On March 13, 2024, following an investigation, California Correctional Health Care Services (CCHCS) sent out approximately 1,348 notification letters for a privacy incident
involving Protected Health Information (PHI) that occurred on February 26, 2024.

A staff member inadvertently emailed an attachment containing PHI to an unauthorized recipient outside the department. Although this information was sent to an unauthorized recipient, they did not view or access the attachment.

This information includes the individual’s last name, CDCR number and information, such as their risk/priority level, order name/type and reason for appointments and dates.

The incident was reported immediately and fully investigated. CCHCS has taken necessary steps to limit further disclosure, such as instructing the unauthorized recipient to delete any emails containing PHI from their email folders immediately and confirming they did not further disclose the email. The staff responsible for the breach are also required to take mandatory
security and privacy mitigation training, as necessary.

CCHCS takes all security incidents seriously. Out of an abundance of caution, CCHCS sent notifications to all affected patients with information about the incident as well as links to resources to establish fraud alerts and understanding privacy rights.

For non-media inquiries, please contact:
CCHCS Privacy Office
(877) 974-4722) or write to:
California Correctional Health Care Services
P.O. 588500, Suite D-3
Elk Grove, CA 95758-8500