California Department Of Public Health Faces Data Breach

By Author: eccuni
Total Articles: 211
Comment this article

Recently, California Department of Public Health (CDPH) reported a data breach incident, which resulted in the compromise of personal information associated with around 9000 past and present state employees. The compromised data includes names, addresses, dates of birth, social security numbers, and details of next of kin, ethnicity and information related to worker's compensation. The department identified an unusual activity in the month of April. Investigations revealed unauthorized removal of information from by an employee. An employee had allegedly copied data to a private hard-drive and removed from the state offices. Those affected by the data breach include current employees of CDPH, California Department of Health Care Services, and around 3000 former employees of Department of Health Services (DHS). The department is still investigating the incident, and the concerned employee is on administrative leave till the completion of the project. Investigations so far, have not revealed any misuse of the extracted information. People with malicious intentions may use the collected information for illegal purposes such as ...
... impersonation, identity fraud, making fraudulent claims and gaining access to more sensitive personal and financial information. The department has offer one year free credit monitoring services to affected employees.

In an earlier security incident, CDPH lost a magnetic tape containing of sensitive information related to around 2550 employees and residents. The magnetic tape was unencrypted and dispatched through Post by one of the offices of CDPH, but was never delivered to the destination. The department has now reportedly initiated additional measures to safeguard employee information. The department has also said that it plans to conduct a comprehensive review of information security policies and devise new policies to prevent recurrence of such security incidents. Professionals qualified in masters of security science may help organizations in making a thorough assessment of security threats, identifying threat vectors, lapses in security practices and initiating corrective measures. Regular evaluation of security policies and practices is crucial to strengthen the defenses against security threats. Organizations must also put in place appropriate monitoring mechanisms and detection systems to track unauthorized activity and employee initiated data theft.

Data breach incidents caused by either internal or external agents may have severe repercussions on the reputation of the organization, and impact the trust of the stakeholders. As such, organizations must have appropriate procedures in place to prevent unauthorized access to confidential information. Sensitive customer, employee and organizational information must be stored on secured systems. Access to such systems must be restricted to authorized employees.

Organizations and government bodies must also lay emphasis on improving the information security awareness among employees. Mandatory training and e-learning programs may help in understanding and improving security practices. Employees may also leverage e-tutorials and online degree programs to gain insights on security fundamentals and best practices.

Professionals constantly face the challenge of defending the security infrastructure from multifarious threats. Security certifications and online university degree programs may help professionals in keeping updated on latest security threats, evolving security technologies, monitoring mechanisms and best practices. Proper implementation of security polices and adherence to latest information security practices may help in reducing security breach incidents.