Some employee email accounts hacked
SAN DIEGO (KGTV) — UC San Diego Health announced Tuesday that a recent security breach of some employee email accounts may have exposed a range of personal data.
According to UC San Diego Health, the security breach involved “unauthorized access to certain employee email accounts.” Patient care and operations were not affected at any time due to the breach, the system added.
The system said that once the breach was discovered, “we terminated unauthorized access to these accounts and tightened our security controls.”
“This process of analyzing data in email accounts is ongoing. UC San Diego Health is moving as quickly as possible while taking care and time to provide accurate information about data that has been impacted. ‘We are currently aware that these email accounts contained personal information associated with a subset of our community of patients, students and employees,’ reads a public notice on the website. of the system.
A UC San Diego Health spokesperson told ABC 10News that the breach was phishing-related and that approximately 600,000 UCSD Health patients could be affected.
The notice added that the breach could have allowed access to a wealth of personal information between December 2, 2020 and April 8, 2021, including “full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claim identifiers), lab results, diagnosis and medical conditions, medical record number and other medical identifiers, prescriptions, treatment information, medical information, social security number, government identification number, payment card number or financial account number and security code, student number, username and password.”
UC San Diego Health reported the event to the FBI and is also working with cybersecurity experts to investigate what happened, what data was affected, and who owned the data.
The system expects a review of the incident to be completed in September. There was no evidence that other UCSD health systems were impacted or that potentially exposed data was misused, the hospital system said.
Once the review is complete, UCSD Health said it will send individual notices to people whose information has been impacted and offer one year of free credit monitoring and identity theft protection through Experian IdentityWorks to those whose the data has been impacted.
The system recommended anyone concerned that their data might be at risk to regularly monitor their financial statements, credit reports and explanations of benefits (EOBs) from health insurers for any unauthorized activity.
Anyone who suspects they may be a victim of identity theft should contact the police or the company that maintains the information. More information about the UC San Diego Health advisory is available here.