DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of California Davis Medical Center notifies 1,326 patients after doctor's email account compromised

Posted on October 13, 2014 by Dissent

The University of California Davis Medical Center (UC Davis Health System) is notifying patients of a breach that occurred on September 25.

According to a letter signed by Shara Merritt Reed, Privacy Program Director for UC Davis Health System, on September 26, an IT employee detected abnormal activity in the email account of one of their providers.

“Upon further investigation, it was determined that the provider’s email was compromised by an unknown source. This resulted in the unauthorized use and potential impermissible access of the email account,” Reed wrote.

“Since we are unable to determine the exact nature of the access by this unauthorized third-party, we are sending a letter to all patients who had information about them included in this email account.”

The provider whose account was compromised was not named.

No Social Security number, financial, or billing information would have been included in the emails. “Neither your personal email account nor your MyChart account, if you have one,” was affected, Reed wrote.

A copy of the patient notification template was submitted to California Attorney General’s web site.

In researching this notification, PHIprivacy.net found a notice on UC Davis Health System’s site posted on October 7 that indicated that it was a physician’s account that was compromised:

One physician’s email account compromised by unknown source

Late last week, it was determined that a UC Davis physician’s work email account was accessed by an unknown source. UC Davis Health System has notified 1,326 patients who had their personal or medical information included in an email within the compromised account. This event did not involve access to the electronic health records of patients, patients’ Social Security numbers or patients’ personal financial information.

A member of the UC Davis Information Technology team first noticed the problem when abnormal activity was detected in the physician’s email account.

Data security experts are unable to determine the exact nature of the breach or whether any messages were specifically read, but it was determined that the physician’s email was compromised by an unknown source, resulting in the potential impermissible access to this email account.

UC Davis Health System’s email program is encrypted, and there are measures in place to prevent intrusions like this one including email filtering and cyber surveillance from occurring. Immediate actions to protect patient privacy — including blocking access by the unauthorized user and changing the account credentials — were taken when it was discovered that the email account had been compromised.

UC Davis Health System has notified, or will be notifying, several government agencies – such as the California Department of Public Health, California Attorney General’s office and the federal Office for Civil Rights – about this incident.

Patients with questions about the incident may call the health system’s Compliance Department at (916) 734-8808 for additional information or advice.

UC Davis Health System is improving lives and transforming health care by providing excellent patient care, conducting groundbreaking research, fostering innovative, interprofessional education, and creating dynamic, productive partnerships with the community. The academic health system includes one of the country’s best medical schools, a 619-bed acute-care teaching hospital, a 1000-member physician’s practice group and the new Betty Irene Moore School of Nursing. It is home to a National Cancer Institute-designated comprehensive cancer center, an international neurodevelopmental institute, a stem cell institute and a comprehensive children’s hospital. Other nationally prominent centers focus on advancing telemedicine, improving vascular care, eliminating health disparities and translating research findings into new treatments for patients. Together, they make UC Davis a hub of innovation that is transforming health for all. For more information, visit healthsystem.ucdavis.edu.

This is not the first time this year that UC Davis Medical has reported compromised physician email accounts. In January, they notified 1,800 patients after three physicians reportedly fell for a phishing scheme. It is not clear whether phishing may have been responsible for the current breach.

Correction: Although the incident earlier this year was reported on UC Davis’s website as affecting approximately 1,800 patients, the incident was reported to HHS as affecting 2,269. It is not known which is the more recent or accurate figure, but given the specificity of 2,269 vs. an approximation, the higher figure is likely the correct one.

Category: Uncategorized

Post navigation

← Alleged Broadway Grill hacker now charged with stealing and selling 2 million credit card numbers
Home Depot now facing 21 class-action lawsuits over data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.