UC San Diego Health has issued notifications to individuals regarding a recent phishing event affecting patient information. Discovered on January 9, 2024, the incident involved unauthorized access to two employee email accounts through a phishing attack. Prompt measures were taken to secure the compromised accounts and enhance security protocols. An investigation was initiated to ascertain the extent of the breach, which determined that the unauthorized access occurred between January 9 and January 22, 2024. Patient data from the lung transplant and rheumatology departments were potentially compromised, including names, addresses, email addresses, medical records, health insurance information, treatment costs, clinical details, and Social Security numbers for a limited subset of patients. UC San Diego Health emphasizes its commitment to patient privacy and safety by continually improving security measures and providing phishing prevention training to employees. Affected individuals are being notified via mail, with those whose Social Security numbers were involved offered complimentary credit monitoring and identity theft protection services. Patients are advised to remain vigilant by regularly monitoring financial statements, credit reports, and health insurance statements for any unauthorized activity, and to promptly report any suspicions of identity theft or fraud.
In response to the phishing event, UC San Diego Health has taken immediate steps to safeguard patient information and mitigate risks of similar incidents in the future. By securing compromised email accounts and conducting thorough investigations, UC San Diego Health aims to ensure the integrity and confidentiality of patient data. Efforts are underway to provide support and assistance to affected individuals, including the establishment of a dedicated call center to address inquiries and concerns. Moreover, UC San Diego Health is committed to transparency and accountability, as evidenced by the provision of comprehensive information regarding the incident and available resources for affected individuals. As part of its ongoing commitment to patient safety, UC San Diego Health continues to prioritize cybersecurity measures and employee training to prevent future breaches and protect patient privacy.