Employee sent files to personal email

January 8th, 2016 by admin Leave a reply »

California-based child welfare agency Hillsides suffered data breach when an employee sent internal files to a personal email address. Facility notified certain individuals that they may have been the victims of a PHI data breach after the incident.

Hillsides mentioned that the employee sent unencrypted files to his own personal email address on five separate occasions. Affected information included names, Social Security numbers, home address and phone numbers for 468 members of Hillsides staff. The files also included names, dates of birth, gender, medical identification numbers, therapist names, and rehabilitative therapists’ names for 502 Hillsides clients.

“We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us,“ Hillsides CEO Joseph M. Costa said in a statement. “We will continue to investigate the incident, to reduce harm to potentially affected individuals, and to protect against future similar occurrences.”

Employee was terminated from his position upon discovery of the incident. Hillside believes that there has been no evidence of misuse of information. But it has been unable to recover the files from the email account or verify if the files have been deleted.

Hillsides is strengthening its safety measures to avoid such incidents.

“The agency is working with its legal counsel to ensure all appropriate steps and notifications are being followed,”the agency said in its statement. “They are also implementing an employee re-training program to reduce the risk of future occurrences and improve its internal security awareness procedures.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Leave a Reply