UC Davis Health System is notifying 1,326 patients that a physician's work email account was accessed by an unknown source and an email within that account contained their personal or medical information.
How many victims? 1,326.
What type of personal information? Undisclosed personal or medical information, but electronic health records, Social Security numbers and financial information were not accessed.
What happened? An unknown source gained access to a UC Davis Health System physician's work email account, and emails within the account contained patient data.
What was the response? Access to the account was blocked and account credentials were changed. All impacted patients are being notified.
Details: The incident occurred late in the week of Sept. 28 to Oct. 4. A member of the UC Davis Health System IT team first noticed the problem when abnormal activity was detected in the physician's email account. The UC Davis Health System email program is encrypted, and there are measures to prevent these types of intrusions that include email filtering and surveillance.
Quote: “Data security experts are unable to determine the exact nature of the breach or whether any messages were specifically read, but it was determined that the physician's email was compromised by an unknown source, resulting in the potential impermissible access to this email account,” according to a release posted to the UC Davis Health System website.
Source: ucdmc.ucdavis.edu, “One physician's email account compromised by unknown source,” Oct. 7, 2014.
