Security News > 2021 > July > UC San Diego Health Breach Tied to Phishing Attack

Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data.

A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.

"UC San Diego Health is moving as quickly as possible while taking the care and time to deliver accurate information about which data was impacted. At this time, we are aware that these email accounts contained personal information associated with a subset of our patient, student, and employee community. This review will be complete in September."

Post investigation, UCSD Health said it will contact individuals whose personal data was exposed and offer them a year of free identity theft protection services.

Still, despite the rising number of attacks against the health care sector throughout the COVID-19 pandemic, medical cybersecurity hasn't kept apace, said Anurag Kahol, CTO and Cofounder of Bitglass.

"UC San Diego Health has stated that they have taken steps to enhance their security processes and procedures," Townsend said.

News URL

https://threatpost.com/uc-san-diego-health-breach/168250/