UC Davis Health System in Sacramento is notify about 1,800 patients that emails containing protected health information may have been breached after three physicians fell victim to a phishing scam in December.

“The breach does not appear to have an identity-theft component, nor does it include access to the electronic health records of patients or their personal financial information,” according to a statement from the delivery system.

The breach was discovered after the physicians noticed deletion of emails from their accounts and found their email was being used to send messages outside UC Davis Health System, “presumably to obtain personal financial information, passwords and other identifiers.” Information in the emails included patient name, medical record number and limited information associated with a clinic visit or hospitalization. Social Security numbers and debit/credit card information were not affected.

The health system’s email is encrypted and other protections include email filtering, cyber surveillance and staff education. Following discovery of the breach, phishing email in other staff accounts was deleted and access to the phishing Web site was blocked.

“While data security experts are unable to determine the exact nature of the breach or whether any messages were specifically read, they say that the automated nature of typical phishing scams makes it makes it unlikely that content from individual messages was viewed,” according to the statement.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access