Major healthcare system UC San Diego Health has disclosed a data breach that may have compromised the personal data of employees, students, and patients.
The incident involved unauthorized access to employee email accounts, officials report. These accounts contained personal information associated with a subset of the patient, student, and employee community, though UC San Diego Health is still in the process of analyzing data in the accounts. The FBI has been notified and external security experts have been hired to investigate the event.
There is no evidence other systems have been affected, and it's expected the review will be complete in September, according to the breach disclosure.
Between Dec. 2, 2020, and April 8, 2021, UC San Diego Health says the following personal information may have been accessed or taken: full name, address, date of birth, email, fax number, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.
The breach may have also affected a range of health data, including claims information (date and cost of health care services and claims identifiers), lab results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, and medical information.
While officials and investigators are still working to determine what happens and whose data was affected, UC San Diego Health says it will send individual notices to the students, employees, and patients whose personal information was in the email accounts, where current contact information is available.