Another data breach has surfaced online as UC San Diego Health discloses an incident exposing personal information. The incident happened following a phishing attack targeting its employees’ email account.
UC San Diego Health Data Breach
Recently, UC San Diego Health has admitted a data breach incident affecting its patients, employees, and students. UC San Diego Health is an academic health system working under the University of California.
As revealed through its breach notification, the facility suffered a phishing attack following which an unauthorized entity access some of its employees’ email account. Explaining further in a separate FAQ section, the facility stated that the breach potentially happened between December 2, 2020, and April 8, 2021. During this time, the attackers might have pilfered data from the service’s network that might include personal information.
The personal information accessed could potentially include full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.
What Next?
UCSD Health got the report of the attack on March 12, 2021. Consequently, it started investigations to find the phishing attack on April 8, 2021.
Upon detecting the incident, the service terminated the external access and reported the matter to the FBI. However, as it continued with the investigations, it took time to go for public disclosure.
Nonetheless, they have now started informing the affected individuals about the data breach.
Besides, the service has also pledged to offer free credit monitoring and identity theft to the affected individuals after completing the investigations. It will individually contact the individuals eligible for it.
Whereas, for security, it advises the users to change passwords and apply multi-factor authentication on their accounts.