An employee of Sacramento, Calif.-based UC Davis Health accessed the health system's electronic health records system without proper cause, potentially compromising the personal information of 408 patients.
On Aug. 5, UC Davis learned the employee had accessed its EHR system, without a work purpose, between November 2, 2017, and July 18, 2022.
The employee was able to view patient information such as names, dates of birth, medical record numbers, addresses, phone numbers and clinical information contained in medical records. Financial information, billing information and Social Security numbers were not viewed by the employee, according to a Dec. 6 breach notification from UC Davis.
The health system said it has no evidence that any information was removed from the records or shared with anyone else.
Between Aug. 23 and Aug. 25, UC Davis worked to notify all affected patients but said it was unable to reach 22 individuals who had been affected by the incident.