Monday, December 21, 2009

Internet security breach found at UCSF-PHISHING

SAN FRANCISCO – Over 600 patients at the University of California, San Francisco are being notified of a possible data breach that occurred when a hacker obtained e-mails containing their personal information.

UCSF officials say the breach occurred in late September 2009 when a faculty physician in the School of Medicine fell prey to a phishing scam. According to officials, the physician unknowingly provided the user name and password for his/her e-mail account in response to an e-mail message that appeared to come from the university's internal computer servers.

UCSF Enterprise Information Security officials identified the security breach and disabled the compromised password. After conducting a complete audit of the incident, the university determined that e-mails in the physician's account - including those containing demographic and clinical information (and, in the case of four individuals, Social Security numbers) - may have been exposed.
http://www.healthcareitnews.com/news/ucsf-notifies-600-patients-hacker-attempts
 
MIAOULIS NOTE:  Just another example of how security can be breached.  Does your training program cover Phishing?  Could this happen at your facility?  What are you doing to prevent?  Learn from these incidents.

7 comments:

hipaa said...

We are living in the world where everything is ruled over Internet and data breach is the common issue coming up. The privacy data especially patients’ vital information can easily be stolen or can be lost. It becomes essential for the call centers to remain updated with the latest security measures and to remain comply with HIPAA security law. Just few days back I have found one very useful website http://hipaatraining.net/. This site provides comprehensive HIPAA training courses in multiple formats, as well as services and products for covered entities & business associates to meet HIPAA compliance. They also provide online HIPAA training as well as self study kits.

Michael Carver said...

Wasn't there a security breach at the University of California in Berkeley? Hackers were able to gain access information to more than 160,000 student and alumni. I hope this will be the last hacking incident on the university.

email encryption

andreafox21 said...

You should be careful sharing your email address, and remember to never share your password. This is a wary tale of what can happen if you do.

web hosting uk

web development melbourne said...

It's easy to say you should carefully encrypt your data, but it's hard to do, especially with tons of hackers who have more knowledge than you.

Karl said...

The thing is, you just can't say that you're information is secured because hackers know what they do. I hope they can settle that issue and prevent another security breach in the future.

long island advertising agencies

multiple ip hosting services said...

I don't know what to say to those hackers. Do they really intend to harm the patients or just play with the hospitals records?

Jake Phillips said...

Often phishing scams use social engineering techniques by placing links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your email/internet service provider, bank, credit card company, or social networking site. I have been receiving a lot of these messages before and it's so annoying.


local seo