The University of California, San Francisco (UCSF) experienced a data breach on **February 9, 2023**, disclosed on **April 26, 2023**, due to a **phishing attack** targeting UCSF email accounts. The breach exposed sensitive personal information of individuals, including **First Name, Last Name, Date of Birth, Medical Record Number (MRN), and Date of Service**. The exact number of affected individuals remains undetermined, but the compromised data poses risks of identity theft, medical fraud, or targeted scams. The attack exploited human vulnerability through phishing, leading to unauthorized access to employee email accounts, which likely contained or facilitated access to patient records. While no ransomware was involved, the exposure of **protected health information (PHI)**—particularly MRNs and service dates—heightens concerns over compliance violations (e.g., HIPAA) and potential misuse of medical data. The breach underscores the persistent threat of social engineering attacks in healthcare institutions, where employee credentials serve as gateways to highly sensitive systems.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-566010
TPRM report: https://www.rankiteo.com/company/ucsfhealth
"id": "ucs157082025",
"linkid": "ucsfhealth",
"type": "Breach",
"date": "2/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': ['Education', 'Healthcare'],
'location': 'San Francisco, California, USA',
'name': 'University of California, San Francisco '
'(UCSF)',
'type': 'Educational Institution / Healthcare '
'Provider'}],
'attack_vector': 'Phishing',
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['First Name',
'Last Name',
'Date of Birth',
'MRN',
'Date of Service'],
'sensitivity_of_data': 'High (includes MRN and PHI)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2023-02-09',
'date_publicly_disclosed': '2023-04-26',
'description': 'The California Office of the Attorney General reported a data '
'breach involving the University of California, San Francisco '
'(UCSF) on April 26, 2023. The breach occurred on February 9, '
'2023, due to a phishing attack that compromised some UCSF '
"email accounts, potentially exposing individuals' First Name, "
'Last Name, Date of Birth, MRN (Medical Record Number), and '
'Date of Service. The number of individuals affected is '
'currently unknown.',
'impact': {'data_compromised': ['First Name',
'Last Name',
'Date of Birth',
'MRN',
'Date of Service'],
'identity_theft_risk': 'Potential (PII exposed)',
'systems_affected': ['Email Accounts']},
'initial_access_broker': {'entry_point': 'Phishing (compromised email '
'accounts)'},
'references': [{'date_accessed': '2023-04-26',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potentially HIPAA (Health '
'Insurance Portability and '
'Accountability Act)',
'California Consumer '
'Privacy Act (CCPA)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at University of California, San Francisco (UCSF) via '
'Phishing Attack',
'type': 'Data Breach'}