UC San Diego Health
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
UC San Diego Health has experienced multiple data breaches over the past few years. The most recent incident, reported in March 2023, involved the use of analytics tools by their technology vendor, Solv Health, without UC San Diego Health’s authorization. This breach affected the scheduling websites for UC San Diego Health’s Express Care and Urgent Care locations. Patients who booked appointments between September 13 and December 22, 2022, may have had their personal information, including names, dates of birth, email addresses, IP addresses, third-party cookies, reason for visit, and insurance type, captured and transmitted to third-party service providers. It is important to note that Social Security numbers, medical record numbers, financial account numbers, or debit/credit card information were not collected by these analytics tools[1][7][8][9][10].
In a separate incident that occurred between December 2020 and April 2021, unauthorized access to some employee email accounts led to a significant data breach. This breach potentially exposed a wide range of personal and medical data, including full names, addresses, dates of birth, fax numbers, claims information, lab results, medical diagnoses and conditions, medical record numbers, prescription information, treatment information, Social Security numbers, government identification numbers, payment card numbers, student ID numbers, usernames, and passwords[2][4][5][13].
UC San Diego Health has taken steps to address these breaches, including notifying affected individuals, offering free credit monitoring and identity theft protection services, and enhancing security controls. They have also established a call center to answer questions about the security incident[2][5][7]. Additionally, UC San Diego Health was awarded $9.5 million to enhance cybersecurity in healthcare and has established a Center for Healthcare Cybersecurity at the university[11].
If you believe your data may have been impacted by these breaches, it is recommended to monitor your accounts for any suspicious activity, consider credit monitoring services, and follow any guidance provided by UC San Diego Health in their notifications.
Citations:
- https://today.ucsd.edu/story/uc-san-diego-health-notifies-patients-of-vendor-data-collection-issue
- https://www.nbcsandiego.com/news/local/data-breach-at-uc-san-diego-health-some-employee-email-accounts-impacted/2670302/
- https://www.thelyonfirm.com/class-action/data-breach/uc-san-diego-health/
- https://www.sandiegouniontribune.com/news/health/story/2021-07-27/uc-san-diego-health-announces-data-breach
- https://www.sandiegouniontribune.com/business/story/2021-09-23/sd-fi-ucsandiego-cyber-attack
- https://health.ucsd.edu/policies-notices/privacy/
- https://fox5sandiego.com/news/tech/data-breach-impacts-uc-san-diego-health-scheduling-site/
- https://healthitsecurity.com/news/uc-san-diego-health-discloses-healthcare-data-breach-stemming-from-vendor-pixel-use
- https://www.idstrong.com/data-breaches/uc-san-diego-health-breach/
- https://www.jdsupra.com/legalnews/uc-san-diego-health-announces-third-7712686/
- https://health.ucsd.edu/news/press-releases/2023-10-03-uc-san-diego-awarded-$9.5-million-to-enhance-cybersecurity-in-health-care
- https://www.hipaajournal.com/uc-san-diego-health-analytics-code-data-breach/
- https://healthitsecurity.com/news/uc-san-diego-health-sued-over-healthcare-data-breach
- https://www.scmagazine.com/news/uc-san-diego-health-pixel-tracking-incident