University of California at San Francisco officials have warned approximately 600 patients that their medical data may have been leaked by a physician who fell for a phishing scam.

"An e-mail the unnamed physician received in September purported to come from UCSF IT workers performing an upgrade to internal servers," writes The Register's Dan Goodin. "It asked for a user name and password and the doc complied."

"In October, auditors determined that e-mails in the physician's account could have exposed clinical and demographic information for about 600 patients," Goodin writes.

Click here to read the story at The Register.