UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts.
UC San Diego Health is one of the nation’s best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. News & World Report survey.
The health system operates UC San Diego Medical Center, Jacobs Medical Center, and Sulpizio Cardiovascular Center under one license, with a total capacity of 808 beds.
When asked for additional details regarding the data breach, UC San Diego Health’s Executive Director of Communications and Media Relations Jacqueline Carr told BleepingComputer that the breach was the result of a phishing attack.
Personal data of patients, students, and employees exposed
UC San Diego Health discovered unauthorized access to some of its employees’ email accounts on April 8, after being initially alerted to suspicious activity on March 12.
After discovering the breach, UC San Diego Health terminated the unauthorized access to the compromised accounts and reported the event to law enforcement and the FBI.
The attackers may have accessed or acquired the personal information of patients, employees, and students between December 2, 2020, and April 8, 2021, after breaching the email accounts in a phishing attack.
While the threat actors had access to the email accounts for more than 4 months, an ongoing investigation by its security teams and external cybersecurity experts has not found any evidence that this information has been misused since the attack.
The personal information accessed during the incident could potentially include: full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.
There is “no proof that other UC San Diego Health systems have been impacted, nor do we have any proof presently that the information has been misused,” the academic health system explained.
“In addition to notifying individuals whose personal information may have been involved, UC San Diego Health has taken remediation measures which have included, among other steps, changing employee credentials, disabling access points, and enhancing our security processes and procedures.”
Potentially impacted individuals warned of identity theft risks
UC San Diego Health also warned community members and potentially affected individuals to keep an eye out for identity theft or fraud attempts.
“You can do this by regularly reviewing and monitoring your financial statements, credit reports, and Explanations of Benefits (EOBs) from your health insurers for any unauthorized activity,” UC San Diego Health added.
UC San Diego Health also advises rotating credentials and enabling multifactor authentication (MFA) for personal online accounts whenever possible.
After the ongoing investigation ends (likely around September 30), UC San Diego Health will send individual breach notification letters to students, employees, and patients affected by the data breach.
In June 2018, UC San Diego Health also informed 619 patients that they could have been affected by an external data breach involving Nuance Communications, a third-party medical transcription provider.
The breach alert came after Nuance’s medical transcription platforms were breached between November 20, 2017, and December 9, 2017.