UC San Diego Health suffered from a data breach that exposed number of patients, employees and others connected to UC San Diego Health potentially.
It was found that the breach occurred via unauthorized access to some employee email accounts, but it did not affect the continuity of care for their patients.
A UCSD Health spokesperson said Tuesday that ransomware, software often used to extort money from an organization, was not involved.
The compromised information includes full names, addresses, dates of birth, email addresses, fax numbers, claims information including dates and costs of care received, laboratory results, medical diagnoses and conditions, medical record numbers, prescription information, treatment information, Social Security numbers, government identification numbers, financial account numbers, student identification numbers, usernames and passwords.
They notified people, and the letters each person receives precisely reflect the information that would have been impacted for that particular person.
TPRM report: https://scoringcyber.rankiteo.com/company/ucsdhealth
"id": "ucs22335223",
"linkid": "ucsdhealth",
"type": "Breach",
"date": "07/2021",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'San Diego, CA',
'name': 'UC San Diego Health',
'type': 'Healthcare'}],
'attack_vector': 'Unauthorized access to employee email accounts',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['full names',
'addresses',
'dates of birth',
'email addresses',
'fax numbers',
'claims information including '
'dates and costs of care '
'received',
'laboratory results',
'medical diagnoses and '
'conditions',
'medical record numbers',
'prescription information',
'treatment information',
'Social Security numbers',
'government identification '
'numbers',
'financial account numbers',
'student identification numbers',
'usernames and passwords']},
'description': 'UC San Diego Health suffered from a data breach that exposed '
'the information of patients, employees, and others connected '
'to UC San Diego Health potentially.',
'impact': {'data_compromised': ['full names',
'addresses',
'dates of birth',
'email addresses',
'fax numbers',
'claims information including dates and costs '
'of care received',
'laboratory results',
'medical diagnoses and conditions',
'medical record numbers',
'prescription information',
'treatment information',
'Social Security numbers',
'government identification numbers',
'financial account numbers',
'student identification numbers',
'usernames and passwords']},
'initial_access_broker': {'entry_point': 'Employee email accounts'},
'response': {'communication_strategy': 'Individuals were notified, and the '
'letters each person receives '
'precisely reflect the information '
'that would have been impacted for '
'that particular person.'},
'title': 'UC San Diego Health Data Breach',
'type': 'Data Breach'}