This is kind of an oxymoron to have the agency responsible for making sure that privacy and security is followed and issues fines, only to have issues in their own back yard. Actually this was a good job though on the part of the IT department with analytics noticing the transfer of files by an employee and to what drive and where is unknown. The employee is on leave until the investigation is completed. BD
The California Department of Public Health, which previously has fined at least a dozen hospitals and one nursing home for privacy violations, has suffered its second major breach of protected health information since September 2010--and took 80 days to report this second breach. Its first breach took 79 days to report.
The breach affects about 9,000 current and former state health department employees. The department's information security systems on April 5 detected unusual activity, which turned out to be an employee who improperly copied information to a private hard drive, according to a June 24 statement from the department. The employee has been unable "to account for the disposition of that data or the equipment onto which the data was copied," and is on administrative leave pending completion of the incident.