Leaders at UC San Diego Health released a notice on July 27 that they “recently experienced a security event involving unauthorized access to some employee email accounts.”
According to ZDNet, “From December 2, 2020 to April 8, 2021, hackers had access to data including names, addresses, claims information, laboratory results, medical diagnosis and conditions, Medical Record Numbers and other medical identifiers, prescription information, treatment information, medical information, Social Security numbers, government identification numbers, payment card numbers or financial account numbers and security codes, student ID numbers, and usernames and passwords.”
ZDNet also reported that “In an FAQ attached to the notice, the hospital said it discovered suspicious activity on March 12 but it took until April 8 for its security team to officially identify it as ‘a security matter.’”
Further, “The statement said the hackers gained control of employee email accounts for weeks before UC San Diego Health discovered the breach, terminated the accounts, and contacted the FBI. A cybersecurity company is still investigating the incident and UC San Diego Health said the review will finish in September.”
An article from The San Diego Union Tribune notes that “The attack comes not long after the University of California notified thousands that many of its campuses were infiltrated through outdated file transfer software made by Accellion Inc. That breach, however, did not affect UC San Diego Health and did not involve medical information.”
That said, “For Accellion, and now for the new health system breach, the university is offering free credit monitoring and identity theft protection for those who have been affected. Scripps Health, San Diego’s second-largest health system, found itself taking similar steps in late May after notifying the public that a month-long ransomware attack potentially compromised the protected information of more than 147,000 people.”
The notice from UC San Diego Health suggests that “It is always a good idea to remain alert to threats of identity theft or fraud. You can do this by regularly reviewing and monitoring your financial statements, credit reports, and Explanations of Benefits (EOBs) from your health insurers for any unauthorized activity. If you ever suspect that you are the victim of identity theft or fraud, you should contact the company that maintains the account on your behalf or your local police.”
