March 11, 2024

UC San Diego Health Announces Data Breach Following January 2024 Phishing Attack

+ Follow Contact

Send

Embed

On March 8, 2024, UC San Diego Health (“UCSD Health”) filed a notice of data breach with the Attorney General of California after discovering an email phishing attack gave an unauthorized party access to various email accounts. In this notice, UCSD Health explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, mailing addresses, email addresses, dates of birth, medical record numbers, health insurance information, treatment cost information, and medical information. Upon completing its investigation, UCSD Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from UC San Diego Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the UC San Diego Health data breach. For more information, please see our recent piece on the topic here.

What Caused the UC San Diego Health Data Breach?

The UC San Diego Health data breach was only recently announced, and more information is expected in the near future. However, UCSD Health’s filing with the Attorney General of California provides some important information on what led up to the breach. UCSD Health also posted a website notice discussing the incident.

According to these sources, on January 9, 2024, UC San Diego Health learned that an unauthorized party had been able to access certain employee email accounts through a phishing attack. In response, UC San Diego Health secured the affected email accounts and then launched an investigation.

Ultimately, UC San Diego Health confirmed that the unauthorized party was able to access multiple employee email accounts between January 9, 2024 and January 22, 2024. As a result, the unauthorized party was able to access confidential information stored within the affected email accounts.

After learning that sensitive consumer data was accessible to an unauthorized party, UC San Diego Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, mailing address, email address, date of birth, medical record number, health insurance information, treatment cost information, and medical information.

On March 8, 2024, UC San Diego Health sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About UC San Diego Health

The UC San Diego Health System is a regional health system based out of San Diego, California. UCSD Health operates UC, San Diego Medical Center, Jacobs Medical Center, East Campus Medical Center, Moores Cancer Center, and Sulpizio Cardiovascular Center, as well as dozens of clinics in the San Diego area. UC San Diego Health employs more than 17,000 people and generates approximately $2.5 billion in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.