500,000 Patients’ Data Exposed in UC San Diego Health Breach 

UC San Diego Health Announces Data Breach | KPBS

What happened?

On September 7, 2021, UC San Diego Health began notifying 495,949 individuals that a cybersecurity breach occurred and their data had been compromised. The compromised data included personally identifiable information like name, phone numbers, email address, addresses and fax numbers. In addition, many patients had sensitive health data compromised like lab results, diagnoses, conditions, date and cost of care, social security numbers, financial account numbers and more. 

 

Numerous lawsuits have been filed against UC San Diego Health with ranging claims. Many lawsuits stated that UC San Diego Health had little to no cybersecurity protocols and they did not train their employees to recognize cyberattacks like phishing emails.  UC San Diego Health has responded to the incident by promising identity theft protection services and insurance reimbursement policies.

Phishing, Credentials, Data, Login

Implications:

This cyberattack is still relatively fresh and the implications are vast for both the victims and UC San Diego Health. It may take years to fully recover from a breach of this caliber due to the sensitive information shared. Some of the implications of this attack include:

Identity theft: The most drastic implication from this cyberattack is the limitless possibilities of identity theft for nearly half a million victims. In a normal breach, a hacker may obtain names, phones and addresses. Since this is a healthcare breach, the hackers got data like social security numbers, lab results, financial accounts numbers and more. There’s no limit to what a hacker can do with this type of data. 

More healthcare breaches: The success of this cyberattack will motivate other hackers to target healthcare organizations. Healthcare is already a sensitive industry, but seeing a huge health system like UC San Diego Health fall so easily to a cyberattack will mean rampant cyberattacks 

Years of legal and compliance ramifications: The lawyers of the victims in addition to the city of San Diego and state of California will pursue several actions against UC San Diego Health for the foreseeable future. First, UC San Diego Health will have to pay and aid any victims who get targeted by hackers due to the breach. Additionally, the compliance programs in the city of San Diego and state of California will have to take drastic measures to ensure this incident doesn’t happen again. 

How can you prevent your business from a breach?

Businesses can start taking proactive steps to prevent breaches like this from happening. Some simple steps include:

  • Employee training: Training your employees to recognize cyberattacks like ransomware and phishing will go a long way in protecting your organization. In the UC San Diego Health breach, numerous attorneys mentioned how UC San Diego Health employees fell victim to phishing emails.
  • Firewalls: Incorporating firewalls into your internal networks and systems is a great measure to prevent hackers from getting access to your organization and employees. This will help shield your organization from the majority of common cyberattack methods.

To learn more how to prevent breaches from reaching your business, get a free assessment here