Breach

Phishing scam lures three Calif. physicians, patient data compromised

January 28, 2014

Roughly 1,800 patients of UC Davis Health System in California are being notified that their personal information may be at risk after the email accounts of three physicians were compromised in a phishing scam.

How many victims? Roughly 1,800.  

What type of personal information? Names, medical record numbers and limited information associated with clinic visit or hospital admission.

What happened? Three physicians were victims of a phishing scam that resulted in the compromise of their email accounts, which contained information on patients.

What was the response? UC Davis Health System deleted the phishing emails from all staff accounts, blocked access to the phishing website, and actively warned staff about the scam. The California Department of Public Health, the California Attorney General's office and the federal Office of Civil Rights have been or will be notified of the incident. All impacted patients are being notified.

Details: The physicians' email accounts were compromised in the phishing attack in mid-December 2013. The physicians soon noticed emails being deleted from their accounts and emails being sent to addresses outside the health system from their accounts.

The health system's email program is encrypted, and other measures in place include email filtering and surveillance.

Quote: “The breach does not appear to have an identity-theft component, nor does it include access to the electronic health records of patients or their personal financial information,” according to a post on the UC Davis Health System website.

Source: ucdmc.ucdavis.edu, “Three physicians hit by phishing scam,” Jan. 27, 2014.
