SAN FRANCISCO – Over 600 patients at the University of California, San Francisco are being notified of a possible data breach that occurred when a hacker obtained e-mails containing their personal information.
UCSF officials say the breach occurred in late September 2009 when a faculty physician in the School of Medicine fell prey to a phishing scam. According to officials, the physician unknowingly provided the user name and password for his/her e-mail account in response to an e-mail message that appeared to come from the university's internal computer servers.
UCSF Enterprise Information Security officials identified the security breach and disabled the compromised password. After conducting a complete audit of the incident, the university determined that e-mails in the physician's account - including those containing demographic and clinical information (and, in the case of four individuals, Social Security numbers) - may have been exposed.
MIAOULIS NOTE: Just another example of how security can be breached. Does your training program cover Phishing? Could this happen at your facility? What are you doing to prevent? Learn from these incidents.