The information of 5,372 Sacramento County Jail inmates was exposed on the Internet for about five months — from late January through early July — before the data was secured. County health officials were notified of the extent of the data breach three weeks ago.
CorrectCare Integrated Health Inc., a company contracted by the county, first learned on July 6 that there were two unsecured folders containing protected health information.
An investigation by CorrectCare revealed the folders had been exposed online from Jan. 22 through July 6, before additional testing of security folders on July 7 confirmed the data breach had been remedied and the files were now secured, according to a news release from Sacramento County.
CorrectCare then hired a cyber forensics security firm to determine the nature and scope of the data breach and whether any patient information may have been exposed. On Oct. 25, CorrectCare informed Sacramento County Health Services that a data breach had exposed the information of the more than 5,000 inmates who were County Correctional Health patients.
County officials said dark web searches done a week after the Oct. 25 notification found no data related to CorrectCare.
The patients whose information was exposed online will be mailed a notification of the data exposure, according to the county news release. The patients also will be offered one year of free credit monitoring, credit resolution and identity restoration services.
This data breach has been reported to the U.S. Department of Health & Human Services and California Department of Health Care Services.
Adult Correctional Health patients can call 916-876-7195 or send an email to ACHAdmin@saccounty.gov with questions about the breach. A staff member at both the Main Jail and Rio Cosumnes Correctional Center has been assigned to answer questions from inmates still in custody who may have been impacted by the data breach.
©2022 The Sacramento Bee, Distributed by Tribune Content Agency, LLC.