Phishing Attacks Expose 1,800 UC Davis Patients' Data

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

California's UC Davis Health System recently began notifying approximately 1,800 patients that their personal or medical information may have been exposed when three UC Davis physicians' e-mail accounts were compromised by phishing attacks in mid-December of 2013 (h/t PHIprivacy.net).

Information in the e-mails included names, medical record numbers and limited information associated with a clinic visit or hospital admission. No credit card numbers or Social Security numbers were exposed.

The breach was discovered when the affected physicians noticed that e-mails were being deleted from their accounts, and that their accounts were being used to send e-mails to addresses outside the UC Davis Health System.

"UC Davis Health System’s e-mail program is encrypted, and there are measures in place to prevent intrusions like this one from occurring, including e-mail filtering, cyber surveillance and staff training and education," UC Davis said in a statement. "Immediate actions to protect patient privacy were taken when it was discovered these e-mails were compromised, including deleting the phishing e-mail from other staff accounts, blocking access to the phishing Web site, and actively warning UC Davis staff about the scam."

Patients with questions are advised to contact (916) 734-8808.