UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts.
According to Bleepingcomputer, the breach was the result of a phishing attack.
UC San Diego Health discovered unauthorized access to some of its employees’ email accounts on April 8, after being initially alerted to suspicious activity on March 12.
The attackers may have accessed or acquired the personal information of patients, employees, and students between December 2, 2020, and April 8, 2021, after breaching the email accounts in a phishing attack.
While the threat actors had access to the email accounts for more than four months, an ongoing investigation by its security teams and external cybersecurity experts has not found any evidence that this information has been misused since the attack.
The personal information accessed during the incident could potentially include: full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.
There is no “no evidence that other UC San Diego Health systems were impacted, nor do we have any evidence at this time that the information has been misused,” the academic health system explained.
“In addition to notifying individuals whose personal information may have been involved, UC San Diego Health has taken remediation measures which have included, among other steps, changing employee credentials, disabling access points, and enhancing our security processes and procedures.”
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.