UC San Diego Health

UC San Diego Health suffered a data breach via its third-party vendor, Solv Health, between **September 13 and December 22, 2022**. The incident exposed sensitive personal information of individuals who used Solv Health’s scheduling websites. Compromised data may include **names, dates of birth, email addresses, and insurance details**, though the exact number of affected individuals remains undisclosed. The breach stems from a vulnerability or security lapse within Solv Health’s systems, indirectly impacting UC San Diego Health’s patients. While no financial or medical records appear to have been stolen, the exposure of personally identifiable information (PII) raises concerns over potential identity theft, phishing, or fraudulent activities targeting the victims. The breach underscores risks associated with third-party vendor dependencies in healthcare data management, where even non-direct attacks can erode trust and necessitate regulatory disclosures under laws like **HIPAA** or **CCPA**. UC San Diego Health likely faced reputational damage and operational disruptions in addressing the fallout, including notifications, credit monitoring offers, and system audits to prevent future incidents.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-564440

TPRM report: https://www.rankiteo.com/company/ucsdhealth

"id": "ucs1016090725",
"linkid": "ucsdhealth",
"type": "Breach",
"date": "9/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Healthcare',
                        'location': 'California, USA',
                        'name': 'UC San Diego Health',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': 'Unknown',
                        'industry': 'Healthcare Technology',
                        'name': 'Solv Health',
                        'type': 'Vendor'}],
 'data_breach': {'data_exfiltration': 'Likely',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['names',
                                                         'dates of birth',
                                                         'email addresses'],
                 'sensitivity_of_data': 'Moderate (PII)',
                 'type_of_data_compromised': ['personal information']},
 'description': 'The California Office of the Attorney General reported that '
                'UC San Diego Health experienced a data breach involving its '
                'vendor, Solv Health, between September 13 and December 22, '
                '2022. The breach may have compromised personal information '
                'such as names, dates of birth, email addresses, and insurance '
                'types for individuals who used scheduling websites, affecting '
                'an unknown number of individuals.',
 'impact': {'data_compromised': ['names',
                                 'dates of birth',
                                 'email addresses',
                                 'insurance types'],
            'identity_theft_risk': 'Potential',
            'systems_affected': ['scheduling websites']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'UC San Diego Health Data Breach via Vendor Solv Health',
 'type': 'Data Breach'}