UC San Diego Health, a California based healthcare service provider, reportedly suffered a data breach early this year, and it notified the 450,000 victims from September 7th, 2021.
Going further, the details of the security incident was made public by the health services provider in July this year in which it stated that it became a victim of a phishing attack as one of its employees fell prey to email bait that led to the leak of sensitive information of millions of patients, students and employees.
Disclosing the details further via email, the health system said that hackers might have accessed patient records between December 2nd, 2020 and April 8th, 2021 containing data such as full names, addresses, Dobs, email addresses, fax numbers, claims reports, diagnosis reports, prescription info, treatment info, social security numbers, government ID numbers, financial details, student ID numbers, usernames, passwords and such.
After UC San Diego Health notified the affected individuals, a lawyer representing a cancer patient from El Cajon filed a lawsuit in a district court of California, as he felt that the health system failed to follow the basic principle of protecting the data of its patients from hackers, thus deeply violating California Consumer Privacy and Medical Confidentiality laws.
The medical lawsuit filed mid last week is seeking compensation for all those individuals who were affected with the personal info exposure and a class-action suit seeking unspecified damages has been filed.
Note- All companies serving the healthcare sector should train their employees on how to avoid phishing attacks by following the basics in cybersecurity hygiene.