Following a cyberattack that occurred between December 2, 2020, and April 8, 2021, an academic healthcare system in California is facing legal action. The cyberattack caused a data breach that potentially exposed sensitive information pertaining to half a million patients, employees, and students. The healthcare organization, UC San Diego Health, disclosed the incident in July through a public notice that claimed unauthorized access was detected on some employee email accounts.
The breach occurred after an employee clicked on bait pushed in a phishing attack that led the victim to a malicious site. Email accounts were shut down on April 8. The health system stated that the information exposed included Social Security numbers, laboratory results, medical diagnoses and conditions, medical record numbers, prescription information, usernames, passwords, financial account numbers, government identification numbers, and more. A cancer patient from El Cajon filed a lawsuit against UC San Diego Health last week due to the data breach. The patient is accusing the healthcare system of breach of contract, negligence, and violating California consumer privacy and medical confidentiality laws.
Read More: California Hospital Sued Over Data Breach