California's UC Davis Health System recently began notifying approximately 1,800 patients that their personal or medical information may have been exposed when three UC Davis physicians' e-mail accounts were compromised by phishing attacks in mid-December of 2013 (h/t PHIprivacy.net).
Information in the e-mails included names, medical record numbers and limited information associated with a clinic visit or hospital admission. No credit card numbers or Social Security numbers were exposed.
The breach was discovered when the affected physicians noticed that e-mails were being deleted from their accounts, and that their accounts were being used to send e-mails to addresses outside the UC Davis Health System.
"UC Davis Health System’s e-mail program is encrypted, and there are measures in place to prevent intrusions like this one from occurring, including e-mail filtering, cyber surveillance and staff training and education," UC Davis said in a statement. "Immediate actions to protect patient privacy were taken when it was discovered these e-mails were compromised, including deleting the phishing e-mail from other staff accounts, blocking access to the phishing Web site, and actively warning UC Davis staff about the scam."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Patients with questions are advised to contact (916) 734-8808.