A former patient has sued UC San Diego Health claiming the health system took too long to notify patients of a data breach and that it had inadequate cybersecurity measures in place after hackers accessed employee email accounts for four months, according to a Sept. 24 report by the The San Diego Tribune.
Five details:
- The lawsuit, filed in San Diego federal court by a cancer patient, alleges negligence, breach of contract and a violation of California medical confidentiality and privacy laws.
- The suit also claims that the system took too long to notify patients of the breach, that the system failed to implement responsible cybersecurity practices, failed to train employees about phishing incidents and lacked the procedures necessary to detect the breach quickly.
- The suit is seeking class-action status and unspecified damages.
- On Sept. 7, the system began notifying 496,949 patients who were affected by the breach. The system said that the unauthorized email access occurred between Dec. 2, 2020, and April 8, 2021. Exposed information includes names, birthdates, Social Security numbers, financial account numbers and health-related information.
- UC San Diego and a university spokesperson declined to comment to the Tribune regarding pending litigation.