HealthITSecurity reports that both Los Angeles-based UCLA Health and Colorado-based UCHealth have disclosed being impacted by third-party data breaches.
UCLA Health has informed 94,000 patients regarding unintended data disclosure to third-party service providers due to data analytics tools integrated into the health system's public website and mobile app. Such analytics tools may have captured third-party cookies, and provider names and specialties, as well as hashed names, gender, mailing and email addresses, and phone numbers.
"It is important to note that these analytics tools never captured Social Security numbers, financial account numbers, or debit/credit card information," said UCLA Health, which disabled the tools in the web and app Appointment Request Forms last June.
Meanwhile, UCHealth had data from 48,879 individuals compromised by a breach at its hosted services provider Diligent.
Attackers were able to infiltrate Diligent's software and gained access to certain UCHealth patient, provider, and employee details, but the intrusion did not impact UCHealth's systems, said the provider in a notice sent to the Department of Health and Human Services.