Chris Rauber reports:
UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained “temporary access to emails containing their personal information” as a result of a late September phishing scam.
The breach occurred about three months ago, and was investigated in mid-October, but wasn’t disclosed to the public until Dec. 15. Corinna Kaarlela, UCSF’s news director, told the San Francisco Business Times late Tuesday that individuals whose data may have been compromised were notified between Oct. 21, when an in-depth investigation began, and Dec. 11, when it was completed.
UCSF said Tuesday that an unnamed faculty physician in the School of Medicine was victimized in late September by the alleged scam. The physician provided a user name and password in response to an email message fabricated by a hacker, that appeared as if it came from those responsible for upgrading security on UCSF internal computer servers.
Read more in the San Francisco Business Times.