UC San Diego Health has recently faced a significant cybersecurity breach that involved unauthorized access to certain employee email accounts. In an effort to keep the community informed, the health system provided detailed insights regarding the incident and its implications.
"UC San Diego Health recently identified and responded to a security matter involving unauthorized access to some employee email accounts," the organization stated. "At no time was continuity of care for our patients affected by the event."
"UC San Diego Health recently identified and responded to a security matter involving unauthorized access to some employee email accounts,"
Upon discovering the breach, UC San Diego Health took immediate steps to halt the unauthorized access, terminate the breach, and enhance security measures. To ensure a thorough investigation, the health system reported the incident to the FBI and enlisted the assistance of external cybersecurity experts. Their ongoing analysis aims to provide clarity on the nature of the breach, identify the impacted data, and determine ownership of the compromised information.
While the forensic investigation progresses, UC San Diego Health noted that personal data related to a subset of patients, students, and employees may have been accessed. The organization projected that this exhaustive review would conclude by September.
Impact and Legacy
"This process of analyzing the data in the email accounts is ongoing. We are moving as quickly as possible while taking the care and time to deliver accurate information about which data was impacted," the announcement emphasized.
By the Numbers
The types of personal information that could potentially be affected include full names, addresses, dates of birth, email addresses, medical diagnoses, treatment details, Social Security numbers, and even financial information such as credit card numbers.
Additionally, UC San Diego Health reassured the community about their commitment to protect personal information. They pledged to notify affected individuals—students, employees, and patients—once the forensic review is completed and current contact details are verified. "UC San Diego Health is committed to safeguarding our community’s personal information," the organization affirmed.
"UC San Diego Health is committed to safeguarding our community’s personal information,"
Looking Ahead
In recognition of the breach, UC San Diego Health will offer one year of free credit monitoring and identity theft protection services through Experian IdentityWorks to those impacted by the data compromise. Furthermore, proactive measures have already been taken, including changing employee credentials and enhancing security protocols to mitigate future risks.
"While we have a number of safeguards in place to protect information from unauthorized access, we are also always working to strengthen them so we can stay ahead of this type of threat activity," the health system stated.
"While we have a number of safeguards in place to protect information from unauthorized access, we are also always working to strengthen them so we can stay ahead of this type of threat activity,"
To mitigate the risk of identity theft and fraud, UC San Diego Health encouraged individuals to remain vigilant by regularly reviewing financial statements, monitoring credit reports, and examining Explanations of Benefits from health insurers. In cases of suspected identity theft, they advised contacting the respective company or local authorities.
The health system anticipates that they will send formal notifications to all individuals whose data was potentially compromised by September 30, 2021. In the meantime, a dedicated call center has been established, allowing individuals to address questions and concerns regarding the breach. The call center will operate toll-free in the U.S. from 6:00 a.m. to 8:00 p.m. PT on weekdays and from 8:00 a.m. to 5:00 p.m. PT on weekends.
UC San Diego Health’s commitment extends not only to addressing the current breach but also to implementing long-term improvements in their cybersecurity infrastructure. This situation underscores the pressing need for stringent cybersecurity measures in the healthcare sector, where sensitive personal data is routinely handled and protected.