Sacramento, Calif.-based UC Davis Health alerted roughly 15,000 patients of a privacy breach July 5 after an employee's email account was compromised in a phishing scam.
A phishing email was sent to the employee — who has helped with informational and event mailings on behalf of UC Davis Health — May 15. After gaining acess to the account, the perpetrator proceeded to send emails to UC Davis Health employees, in which they made fraudulent requests for large transfers of funds.
The university's data security team has since secured the employee's account. The account contained limited patient information, such as names, addresses, phone numbers, and some Social Security numbers. The breach did not involve medical records or financial information, UC Davis Health told Becker's.
Health system officials said there is no indication the perpetrator accessed or acquired patient information, but UC Davis Health is offering identity and credit protection services to those affected. The health center also established a dedicated call center to answer patient questions.
"While an investigation continues into the unauthorized access, UC Davis Health is reviewing its cybersecurity capabilities, including employee awareness and training, to help further strengthen its overall electronic security and ensure patient privacy is maintained at all times," UC Davis Health told Becker's.
More articles on health IT:
Connecticut could gain another HIE
Former Amazon exec to join Alignment Healthcare as CTO
Brightree acquires AllCall Connect to enhance CPAP resupply solution