UC San Diego Health Experiences Phishing Attack

The phishing attack may have exposed patient data.

By HFT Staff


On January 9, 2024, UC San Diego Health identified a phishing attack against its employees, which resulted in unauthorized access to two employee email accounts. Phishing occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The email misleads the recipient to share or provide access to their email login information.

When UC San Diego Health discovered the event, they immediately secured the email accounts and enhanced their security controls. They also began an investigation to determine what happened, what information was involved, and to whom the information belonged. Their investigation determined the accounts were accessed for brief periods between January 9 and January 22, 2024. They conducted a detailed review and analysis of the email accounts’ contents, which was completed on or about February 26, 2024.

Related: Using a cybersecurity plan at your healthcare facility

The information involved was related to patients in their lung transplant and rheumatology departments. The information varied by individual but may have included patient names; addresses; email addresses; dates of birth; medical record numbers; health insurance information; treatment cost information; and/or clinical information, such as medications, provider name or diagnosis. For a limited number of patients, a Social Security number was also included.

UC San Diego Health’s electronic medical record systems are separate from their email accounts and were not affected by this event.

UC San Diego Health continues to enhance their security controls, as appropriate, to minimize the risk of similar incidents in the future. They also continue to provide phishing prevention training and education to their employees.

UC San Diego Health is mailing notification letters to individuals whose information may have been involved in this event and is also providing individuals whose Social Security number was involved with complimentary credit monitoring and identity theft protection services.



March 14, 2024


Topic Area: Information Technology , Security


Recent Posts

Site Selection Mistakes: What Not To Do

Healthcare providers that treat site selection as a strategic decision, not a simple real estate deal, will be positioned for long-term success.


High-Performance EFCO Systems Shape MUSC's New Black River Medical Center

Case study: A sweeping curved-glass entrance, impact-resistant envelope and energy-efficient fenestration support a sustainable, resilient design for one of South Carolina’s newest rural hospitals.


Heritage Valley Health System to Officially Affiliate with Alleghany Health Network

With the affiliation now complete, Heritage Valley Beaver and Heritage Valley Sewickley will be rebranded.


The Impact of Acoustics on Patient Privacy

As healthcare facilities evolve toward more open and flexible care environments, acoustic privacy has become essential.


Texas Behavioral Health Center in Dallas Opens with Ribon-Cutting Ceremony

The 456,265-square-foot facility offers a variety of therapeutic, recreational and social spaces that prepare patients for life outside the hospital.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.