FOR IMMEDIATE RELEASE
Marisol Barrios, MSPA, APR
Employee from Pasadena Child Welfare Agency Sends Protected Information to Self
(PASADENA, CA, December 30, 2015) --On December 8, 2015, Hillsides became aware that an employee had sent internal files containing personally identifiable information (PII) and/or protected health information (PHI) to a personal (non-Hillsides) email address.
On five occasions between October 10, 2014 and October 19, 2015, the employee sent unencrypted files to this personal email address containing: 1) names, Social Security numbers, home address and phone numbers for 468 members of Hillsides staff; and 2) names, birthdates, gender, medical identification numbers, therapist names, and rehabilitative therapists' names for a total of 502 Hillsides clients. Upon discovery, the employee was terminated for their violation of company policies; however, to date the agency has been unable to recover the data files from their personal email account or verify whether the files have been deleted. While Hillsides has no evidence that any of the personal information has been further disclosed or misused in any manner, they have provided notice of the incidents to individuals whose information was contained in the files so that they can take any precautions they feel are appropriate or necessary.
For anyone who has received a notification letter from Hillsides, you may want to consider contacting the three major credit bureaus (Experian, Transunion, and Equifax – whose information is included in the notification letter), reviewing account statements, and monitoring free credit reports.
Hillsides values the privacy of its staff and its clients, and deeply regrets these incidents occurred. The agency has taken steps necessary to address the incidents and they are committed to fully protecting all of the information entrusted to them. The agency is working with its legal counsel to ensure all appropriate steps and notifications are being followed. They are also implementing an employee re-training program to reduce the risk of future occurrences and improve its internal security awareness procedures.
“We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us,“ said Hillsides CEO Joseph M. Costa. “We will continue to investigate the incident, to reduce harm to potentially affected individuals, and to protect against future similar occurrences.”
Individuals who have received a notification letter are invited to contact Hillsides with questions and concerns in the following way: by calling its Privacy Officer, Toni Aikins, Ph.D., at 1-323-543-2800 between the hours of 8:30 am - 4:30 pm Monday to Friday; sending an email message to firstname.lastname@example.org; and / or addressing a letter to Hillsides Support Services, Attn: Privacy Questions, 815 Colorado Blvd., Suite 300, Los Angeles, CA 90041.
It is important to note that Hillsides will NOT call or email anyone for purposes of requesting any personal information as a result of this situation. If you receive an unsolicited call or email that appears to be from Hillsides or a purported representative, please do not provide any personal information in response to these calls or emails.
# # #