UC San Diego Health began notifying patients July 27 of an employee email security event that may have exposed their protected health information.
The health system discovered suspicious activity and unauthorized access to some of its employee email accounts April 8. After identifying the issue, UCSD terminated the unauthorized access and reported the event to the FBI, the health system said.
UCSD is still investigating the incident and declined Becker's comment request about how many patients were affected by the incident. In the notice, UCSD said it expects to complete its investigation in September.
While the investigation is ongoing, UCSD disclosed that the unauthorized email access occurred between Dec. 2, 2020, and April 8, 2021. The email accounts contained personal information including names, addresses, Social Security numbers, financial account numbers and prescription details of patients, students and employees.
UCSD will send individual notices to all those affected by the breach once the investigation is completed. The health system also is offering one year of free credit and identity monitoring services, according to the online notice.