UC San Diego Hospital Victim of Phishing, Medical Records Accessed
The UC San Diego hospital released a statement on July 27, 2021 informing the public of a data breach. Bad actors gained access to email accounts belonging to hospital staff.
ZDNet reported that the hospital's executive director of communications and media confirmed that the breach was the result of a phishing campaign.
The stretch of time over which the bad actors had access to personally identifiable data is a bit worrying. ZDNet reported that the hackers could access data of patients, hospital employees as well as medical students over the course of nearly 5 months, between early December 2020 and early April 2021.
The personally identifiable information that was accessible included names and addresses, diagnosis and medical condition data, information on prescriptions and assigned treatments, social security numbers and payment card numbers.
A bit worryingly, the hospital became aware of the usual signs of breach or attack - suspicious activity, but it took the IT team nearly a month to pin this down as a security issue.
The FBI has been contacted and brought into the matter as well, which is not unusual, given the nature of the breach and of the information accessed without permission.
The hospital is taking all necessary measures to inform anyone who might be affected by the data breach and has set up a call center to handle requests and inquiries from people who might be worried about the matter or potentially have their data exposed in the breach.