In a press release posted on their site, they report that on July 6, they learned of a phishing attack that led to unauthorized access to “a limited number of UC Health employee e-mail accounts between July 6, 2019 and July 12, 2019.” They did not reveal what that “limited number was.”
As is often the case, their ongoing investigation has been unable to determine if any emails or attachments were actually viewed, so they will have to notify everyone potentially affected. The kinds of information contained in the emails included patients’ names, dates of birth, medical record numbers and clinical information. Postal letters have not yet been sent out to those affected, and it does not appear that they will be offered any services such as credit monitoring.