UC San Diego Health has begun notifying individuals about a recent phishing event that involved some patient information.
The attack, identified Jan 9, resulted in unauthorized access to two employee email accounts. Phishing occurs when an email is sent that looks like it is from a trustworthy source but it is not. The email misleads the recipient to share or provide access to their email login information.
When UCSD Health discovered the event, it secured the email accounts and launched an investigation to determine what happened and what information was involved.
The investigation determined the accounts were accessed for brief periods of time between Jan. 9 and 22 and involved information related to patients in UCSD Health’s lung transplant and rheumatology departments, including patient names; addresses; email addresses; dates of birth; medical record numbers; health insurance information; treatment cost information; and/or clinical information, such as medications, provider name or diagnosis.
For a limited number of patients, a Social Security number was also included.
UCSD Health’s electronic medical record systems are separate from its email accounts and were not affected by this event.
UC San Diego Health is mailing notification letters to individuals whose information may have been involved in this event and is also providing individuals whose Social Security number was involved with complimentary credit monitoring and identity theft protection services.
For more information, call the UCSD dedicated call center at (833) 918-7475 and reference engagement no. B117735. Information is also available on the UC San Diego Health website at health.ucsd.edu/data-security.
