NewsLocal News


UC San Diego Health announces security breach of some employee email accounts

Breach may have exposed some patient information
Posted at 1:55 PM, Jul 27, 2021
and last updated 2021-07-28 10:59:44-04

SAN DIEGO (KGTV) — UC San Diego Health announced Tuesday that a recent security breach of some employee email accounts may have exposed a range of personal data.

According to UC San Diego Health, the security breach involved "unauthorized access to some employee email accounts." Patient care and operations were not impacted at any time due to the breach, the system added.

The system said once the breach was discovered, "we terminated the unauthorized access to these accounts and enhanced our security controls."

"This process of analyzing the data in the email accounts is ongoing. UC San Diego Health is moving as quickly as possible while taking the care and time to deliver accurate information about which data was impacted. At this time, we are aware that these email accounts contained personal information associated with a subset of our patient, student, and employee community," a public notice on the system's website read.

A UC San Diego Health spokesperson told ABC 10News that the breach was related to phishing and that an estimated 600,000 patients at UCSD Health may be impacted.

The notice added that the breach may have allowed access to a wealth of personal information between Dec. 2, 2020, and April 8, 2021, including, "full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password."

UC San Diego Health has reported the event to the FBI and is also working with cybersecurity experts to investigate what happened, what data was impacted, and to whom the data belonged.

The system expects a review of the incident to be completed in September. There was no evidence that any other UCSD Health systems were impacted or that any potentially exposed data has been misused, the hospital system said.

Once the review is completed, UCSD Health said it will send out individual notices to those individuals who had information impacted and will offer one year of free credit monitoring and identity theft protection through Experian IdentityWorks to those whose data was impacted.

The system recommended that anyone concerned that their data is at risk should regularly monitor their financial statements, credit reports, and Explanations of Benefits (EOBs) from health insurers for any unauthorized activity.

Anyone who suspects that they're a victim of identity theft should contact the police or the company that maintains the impacted information. More information about UC San Diego Health's notice is available here.