Employee email takeover exposed personal, medical data of students, employees and patients.
Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data.
A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.
UCSD Health said the matter was referred to the Federal Bureau of Investigation.
Read more: [Login to see the link]