UC San Diego Health Breach Tied to Phishing Attack

[silversurfer]

Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data.
 
A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.
 
UCSD Health said the matter was referred to the Federal Bureau of Investigation.“This process of analyzing the data in the email accounts is ongoing,” the notice said. “UC San Diego Health is moving as quickly as possible while taking the care and time to deliver accurate information about which data was impacted. At this time, we are aware that these email accounts contained personal information associated with a subset of our patient, student, and employee community. This review will be complete in September.”

Dangers of Stolen Data
 
Post investigation, UCSD Health said it will contact individuals whose personal data was exposed and offer them a year of free identity theft protection services. However, experts point out, the potential risks associated with this type of data loss could impact victims for years.
 
“Fraudsters can leverage the medical records, lab results, Social Security numbers and government identification numbers to impersonate legitimate patients and commit insurance fraud, seek covered medical care and refill unauthorized prescriptions,” Robert Prigge, CEO of Jumio said. “It’s also possible the exposed information is already circulating on the dark web – where it can command a high value since there’s more personal information in health records than any other electronic database.”

Read more: UC San Diego Health Breach Tied to Phishing Attack | Threatpost