California's UC Davis Health System recently began notifying approximately 1,800 patients that their personal or medical information may have been exposed when three UC Davis physicians' e-mail accounts were compromised by phishing attacks in mid-December of 2013 (h/t PHIprivacy.net).
Information in the e-mails included names, medical record numbers and limited information associated with a clinic visit or hospital admission. No credit card numbers or Social Security numbers were exposed.
The breach was discovered when the affected physicians noticed that e-mails were being deleted from their accounts, and that their accounts were being used to send e-mails to addresses outside the UC Davis Health System.
"UC Davis Health System’s e-mail program is encrypted, and there are measures in place to prevent intrusions like this one from occurring, including e-mail filtering, cyber surveillance and staff training and education," UC Davis said in a statement. "Immediate actions to protect patient privacy were taken when it was discovered these e-mails were compromised, including deleting the phishing e-mail from other staff accounts, blocking access to the phishing Web site, and actively warning UC Davis staff about the scam."
Patients with questions are advised to contact (916) 734-8808.
Photo courtesy of Shutterstock.