Personal Information for 56,000 CalOptima Members Breached

In August, a CalOptima employee who was leaving a job with the organization made off with the personal information of about 56,000 people who were enrolled in the county’s health plan for low-income and disabled residents, CalOptima officials acknowledged last week.

But the officials said the data was recovered and they don’t believe it was shared with outsiders.

Apparently, the former employee downloaded the “protected health information” (which includes member names, demographic information, and in some cases social security numbers) of 7 percent of the health plan’s 798,243 members onto a thumb drive.

Within days, however, the thumb drive was returned by the former employee, who CalOptima officials did not name. They also did not say why the former employee downloaded the information.

“While this matter is still under investigation, CalOptima does not believe the information was shared,” the agency stated in a news release.

CalOptima sent out notices Oct. 14 to an unspecified number of current and former members warning them of the data breach.

“CalOptima recommends that affected members monitor the security of their credit and personal information using services offered by the agency at no cost to members,” the news release said.

The health plan said it will pay for one year of free credit monitoring from the three major credit monitoring services on behalf of any of the affected members who ask for it. The services will alert members to any changes in their credit files. Also, parents with children who are CalOptima members can ask for a free service that checks fraudulent credit files created in a child’s name.

In their news release, CalOptima officials said they are “changing our procedures and practices to reduce the chance of it happening again.”
It’s not clear what protections, if any, the agency had in place at the time of the data breach that could have prevented private information from being downloaded to a thumb drive.

CalOptima is a $3.4 billion a year health plan, financed by federal and state taxpayers but its board of directors in appointed by the county Board of Supervisors and includes two supervisors.

You can contact Tracy Wood at twood@voiceofoc.org and follow her on Twitter: @TracyVOC.

  • Jacki Livingston

    Bull Pucky. It was sold, locally, by senior managers at SSA. They have been doing it for years. GAWD! You guys buy into any stupid story they shell out. Personal information of all patients, applicants and providers are regularly gathered and sold, for a pretty little penny. Ever walk into an SSA office? There is personal info, including bank statements, SS numbers, driver’s license, everything, in open containers all over the building. It is on the desks, on top of file cabinets, and, mostly, in the hands of career criminals. You guys are so cute, all the optimism and belief in their press releases. If you only knew…

    • OCservant_Leader

      Ah yes. The OC crew has a “private sector” mentality. Data is to be exploited. This is why there were ” No policies”…

      Another money making goldmine.

      • Jacki Livingston

        Serious money. My estimate, from just what I found and the mountains of evidence is that they were skimming about fifty mill a year. At least.

  • OCservant_Leader

    Please follow up the article with who (among the political appointees) will be held accountable.

    This is incompetence at the highest level. Who can plug in a personal thumb drive to a computer at a public agency in 2016? There is No policy?

    What are the managers doing over there at Cal Optima – running GOP campaigns? Maybe building statues to 13th century Vietnamese warriors?

  • LFOldTimer

    Putin was probably behind it if the county dug deep enough. 😉

    Hopefully none of the CalOptima employees have home servers. 😉

    • Jacki Livingston

      There are numerous employees of the County SSA who regularly carry lots of this info around on laptops, and files, they work on from home, using their home computers.