UC San Diego Health

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

UC San Diego Health has experienced multiple data breaches over the past few years. The most recent incident, reported in March 2023, involved the use of analytics tools by their technology vendor, Solv Health, without UC San Diego Health’s authorization. This breach affected the scheduling websites for UC San Diego Health’s Express Care and Urgent Care locations. Patients who booked appointments between September 13 and December 22, 2022, may have had their personal information, including names, dates of birth, email addresses, IP addresses, third-party cookies, reason for visit, and insurance type, captured and transmitted to third-party service providers. It is important to note that Social Security numbers, medical record numbers, financial account numbers, or debit/credit card information were not collected by these analytics tools[1][7][8][9][10].

In a separate incident that occurred between December 2020 and April 2021, unauthorized access to some employee email accounts led to a significant data breach. This breach potentially exposed a wide range of personal and medical data, including full names, addresses, dates of birth, fax numbers, claims information, lab results, medical diagnoses and conditions, medical record numbers, prescription information, treatment information, Social Security numbers, government identification numbers, payment card numbers, student ID numbers, usernames, and passwords[2][4][5][13].

UC San Diego Health has taken steps to address these breaches, including notifying affected individuals, offering free credit monitoring and identity theft protection services, and enhancing security controls. They have also established a call center to answer questions about the security incident[2][5][7]. Additionally, UC San Diego Health was awarded $9.5 million to enhance cybersecurity in healthcare and has established a Center for Healthcare Cybersecurity at the university[11].

If you believe your data may have been impacted by these breaches, it is recommended to monitor your accounts for any suspicious activity, consider credit monitoring services, and follow any guidance provided by UC San Diego Health in their notifications.

Citations:

  1. https://today.ucsd.edu/story/uc-san-diego-health-notifies-patients-of-vendor-data-collection-issue
  2. https://www.nbcsandiego.com/news/local/data-breach-at-uc-san-diego-health-some-employee-email-accounts-impacted/2670302/
  3. https://www.thelyonfirm.com/class-action/data-breach/uc-san-diego-health/
  4. https://www.sandiegouniontribune.com/news/health/story/2021-07-27/uc-san-diego-health-announces-data-breach
  5. https://www.sandiegouniontribune.com/business/story/2021-09-23/sd-fi-ucsandiego-cyber-attack
  6. https://health.ucsd.edu/policies-notices/privacy/
  7. https://fox5sandiego.com/news/tech/data-breach-impacts-uc-san-diego-health-scheduling-site/
  8. https://healthitsecurity.com/news/uc-san-diego-health-discloses-healthcare-data-breach-stemming-from-vendor-pixel-use
  9. https://www.idstrong.com/data-breaches/uc-san-diego-health-breach/
  10. https://www.jdsupra.com/legalnews/uc-san-diego-health-announces-third-7712686/
  11. https://health.ucsd.edu/news/press-releases/2023-10-03-uc-san-diego-awarded-$9.5-million-to-enhance-cybersecurity-in-health-care
  12. https://www.hipaajournal.com/uc-san-diego-health-analytics-code-data-breach/
  13. https://healthitsecurity.com/news/uc-san-diego-health-sued-over-healthcare-data-breach
  14. https://www.scmagazine.com/news/uc-san-diego-health-pixel-tracking-incident
Breach Submission Date Mar 16, 2023
Converted Entity Name UC San Diego Health
Converted Entity Type Healthcare Provider
State CA
Individuals Affected 23,000
Breach Type Unauthorized Access/Disclosure

Breach Information Location Network Server, Other

Business Associate Present Yes