Phishing Scam Hits UC Davis Health

UC Davis Health System in Sacramento is notify about 1,800 patients that emails containing protected health information may have been breached after three physicians fell victim to a phishing scam in December.


UC Davis Health System in Sacramento is notify about 1,800 patients that emails containing protected health information may have been breached after three physicians fell victim to a phishing scam in December.

“The breach does not appear to have an identity-theft component, nor does it include access to the electronic health records of patients or their personal financial information,” according to a statement from the delivery system.

The breach was discovered after the physicians noticed deletion of emails from their accounts and found their email was being used to send messages outside UC Davis Health System, “presumably to obtain personal financial information, passwords and other identifiers.” Information in the emails included patient name, medical record number and limited information associated with a clinic visit or hospitalization. Social Security numbers and debit/credit card information were not affected.

The health system’s email is encrypted and other protections include email filtering, cyber surveillance and staff education. Following discovery of the breach, phishing email in other staff accounts was deleted and access to the phishing Web site was blocked.

“While data security experts are unable to determine the exact nature of the breach or whether any messages were specifically read, they say that the automated nature of typical phishing scams makes it makes it unlikely that content from individual messages was viewed,” according to the statement.

More for you

Loading data for hdm_tax_topic #reducing-cost...