Notice to Our Patients of Phishing Event

UC San Diego Health takes the privacy and security of personal information very seriously. Regrettably, this notice concerns a phishing event that involved some of that information.

What Happened?

On January 9, 2024, UC San Diego Health identified a phishing attack against its employees, which resulted in unauthorized access to two employee email accounts. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The email misleads the recipient into sharing or providing access to their email login information.

When UC San Diego Health discovered the event, we immediately secured the email accounts and enhanced our security controls. We also began an investigation to determine what happened, what information was involved, and to whom the information belonged. Our investigation determined the accounts were accessed for brief periods of time between January 9 and January 22, 2024. We conducted a detailed review and analysis of the email accounts’ contents, which was completed on or about February 26, 2024.

What Information Was Involved?

The information involved was related to patients in our Lung Transplant and Rheumatology departments. The information varied by individual but may have included patient names; addresses; email addresses; dates of birth; medical record numbers; health insurance information; treatment cost information; and/or clinical information, such as medications, provider name or diagnosis. For a limited number of patients, a Social Security number was also included.

UC San Diego Health’s electronic medical record systems are separate from our email accounts and were not affected by this event.

What We Are Doing

UC San Diego Health considers the health, safety and privacy of patients a top priority. We continue to enhance our security controls, as appropriate, to minimize the risk of similar incidents in the future. We also continue to provide phishing prevention training and education to our employees.

UC San Diego Health is mailing notification letters to individuals whose information may have been involved in this event and is also providing individuals whose Social Security number was involved with complimentary credit monitoring and identity theft protection services.

What You Can Do

It is always a good idea to remain alert to threats of identity theft or fraud. You can do this by regularly reviewing and monitoring your financial statements, credit reports, and Explanations of Benefits (EOBs) from your health insurers for any unauthorized activity. If you ever suspect that you are the victim of identity theft or fraud, you should contact the company that maintains the account on your behalf or your local police.

For More Information

UC San Diego Health has established a dedicated call center to answer questions. The call center is available toll-free in the U.S. at 1-833-918-7475 from 6 a.m. to 8 p.m. PT Monday through Friday and from 8 a.m. to 5 p.m. PT Saturday and Sunday. Please reference Engagement No. B117735, and a dedicated Experian representative on behalf of UC San Diego Health will be available to assist community members.