The University of California, San Diego Health has announced that a data breach has exposed the personal information of its students, employees, and patients. UC San Diego Health officials told Bleeping Computers that the breach was due to a phishing attack in an employee email account.
Estimated reading time: 3 minutes
UC San Diego Health discovered the breach on April 8th after the facility had already been alerted on March 12th. Upon discovering the breach, the facility closed off the compromised account and called the FBI. The data that hackers accessed spanned a time period between December 2020 and April 2021. There is no evidence that this data harvesting has been used or exploited.
The personal information accessed during the incident could potentially include: full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.
There is no “no evidence that other UC San Diego Health systems were impacted, nor do we have any evidence at this time that the information has been misused,” the academic health system explained.
Bleeping Computer
Phishing attacks are a common and widely used method of gaining access to company databases and more employees than ever are clicking them. They rely on human curiosity and impulse to work, and they often work flawlessly. Purandar Das, Co-founder and the chief security evangelist from Sotero, an encryption-based security solutions company, has offered the following statement on this story:
“I think it will be important to understand the specific nature of the breach. More importantly, it is too early to claim that the data has not been misused. In fact, it may be hard to quantify what the long-term impact of the stolen data on the individuals are. Also concerning is the beach was not identified based on sources other than organization. That fact alone may suggest that the stolen data may have been spotted in an illegal store front. Obviously, the hospital will be taking a hard look as to how the activity went undiscovered for an extended period of time. The learnings should be used to help other organizations prepare better.”
Purandar Das, Co-founder, and the chief security evangelist from Sotero
What do you think of the UC San Diego Health data breach? You can share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.
