UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts.

According to Bleepingcomputer, the breach was the result of a phishing attack.

UC San Diego Health discovered unauthorized access to some of its employees’ email accounts on April 8, after being initially alerted to suspicious activity on March 12.

The attackers may have accessed or acquired the personal information of patients, employees, and students between December 2, 2020, and April 8, 2021, after breaching the email accounts in a phishing attack.

Buy Me a Coffee

While the threat actors had access to the email accounts for more than four months, an ongoing investigation by its security teams and external cybersecurity experts has not found any evidence that this information has been misused since the attack.

The personal information accessed during the incident could potentially include: full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.

There is no “no evidence that other UC San Diego Health systems were impacted, nor do we have any evidence at this time that the information has been misused,” the academic health system explained.

READ
Musk Files for Injunction to Block OpenAI from Transition to for-Profit Organisation

“In addition to notifying individuals whose personal information may have been involved, UC San Diego Health has taken remediation measures which have included, among other steps, changing employee credentials, disabling access points, and enhancing our security processes and procedures.”