Redwood Coast Regional Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The breach at Redwood Coast Regional Center (RCRC) in California occurred on June 14, 2023, when the organization discovered that the encryption for its mail server had failed. This incident led to the potential unauthorized access to specific information considered to be Public Health Information (PHI) that was shared via email. The compromised data included client names, UCI numbers, addresses, dates of birth, and/or authorized service information. Importantly, the breach did not involve information such as Social Security numbers, driver’s licenses/California Identification, health insurance information, or financial account numbers, which could have exposed individuals to identity theft. Despite the limited nature of the data involved, RCRC took the step to inform those potentially affected since their medical information and authorized services were involved[4].
In response to the incident, RCRC promptly began an internal investigation to investigate and restore the email encryption software. The investigation determined that the email encryption failure was due to a system outage. As part of their response, RCRC has been reviewing and revising its procedures and practices to minimize the risk of recurrence. They have also provided information for those affected on how to contact them for further information about the incident[4][7].
Additionally, RCRC has notified 1,345 people concerning the breach of some of their information. This notification was part of their commitment to transparency and handling the situation responsibly. The organization has stated that it is going over its procedures and protocols to prevent a similar data breach in the future[8].
This incident underscores the importance of robust data protection measures and the need for prompt action and transparency when potential data breaches occur. Organizations like RCRC, which handle sensitive personal and health information, are particularly vigilant in safeguarding their data systems against such vulnerabilities.
Citations:
- https://redwoodcoastrc.org/for-providers/security-data-breach-protocol/
- https://redwoodcoastrc.org/transparency/
- https://oag.ca.gov/privacy/databreach/list
- https://redwoodcoastrc.org/news/notice-of-privacy-incident/
- https://redwoodcoastrc.org/about-us/board-of-directors/board-committees/provider-advisory-committee/
- https://redwoodcoastrc.org
- https://oag.ca.gov/system/files/Auths%20Letter%20REDACTED.pdf
- https://www.defensorum.com/data-breaches-reported-by-cummins-behavior-health-redwood-coast-regional-center-and-other-healthcare-entities/
- https://redwoodcoastrc.org/transparency/policies/
- https://redwoodcoastrc.org/for-providers/special-incident-report/
- https://redwoodcoastrc.org/news/