UC San Diego Health reports data breach caused by phishing attack

UC San Diego Health ("UCSD Health"), based in San Diego, California, has reported a data breach that compromised several email accounts.

The incident, identified between January 9th, 2024, and January 22nd, 2024 caused by a phishing attack on certain employee email accounts. UC San Diego Health secured these accounts and launched an investigation to understand the scope of the breach. They reviewed compromised files to ascertain the extent of leaked information and the specific consumers affected.

The data accessed during this breach includes a range of personal and medical information such as:

• Names
• Social Security numbers
• Mailing addresses
• Email addresses
• Dates of birth
• Medical record numbers
• Health insurance information
• Treatment cost information
• Medical information

No details are disclosed about the number of affected individuals.

UCSD Health disclosed the breach to the Attorney General of California on March 8, 2024, and began notifying impacted individuals through letters detailing the information that had been accessed.