25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Patient Data Exposed in Phishing Attack on UC San Diego Health

Posted By on Mar 13, 2024

Data breaches have recently been reported by UC San Diego Health, Littleton Regional Healthcare, UT Southwestern Medical Center, and the Texas Health and Human Services Commission

UC San Diego Health Discloses January Phishing Attack

UC San Diego Health has recently notified the California Attorney General about a phishing attack that was discovered on January 9, 2024, which exposed the sensitive data of patients. Two Hillcrest Medical Center employees responded to the phishing emails and disclosed their credentials, which allowed their email accounts to be accessed by unauthorized individuals. UC San Diego Health said the email accounts were accessed for brief periods between January 9, 2024, and January 22, 2024.

A review of the exposed emails and attachments was completed on February 26, 2024, and confirmed that they contained patients’ protected health information such as names, Social Security numbers, and one or more of the following: mailing address; email address; date of birth; medical record number; health insurance information; treatment cost information; and/or clinical information, such as medications, provider name or diagnosis.

UC San Diego Health said it is enhancing its security controls and will continue to provide phishing prevention training and education to its employees. The affected individuals are being notified and are being offered complimentary credit monitoring and identity theft protection services.  The breach has been reported to the HHS’ Office for Civil Rights as affecting  1,642 individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Littleton Regional Healthcare Reports Email Error and the Impermissible Disclosure of Patient Information

Littleton Regional Healthcare in New Hampshire has recently reported a breach of the protected health information of 12,614 individuals. On January 2, 2024, an employee sent an email containing the names and dates of birth of patients to an individual who was not authorized to receive the information. That individual contacted Littleton Regional Healthcare the same day to report the error and confirmed that the information in the email had not been disclosed to anyone else and that the email had been deleted. Littleton Regional Healthcare has notified the affected individuals, reviewed appropriate policies and procedures, and has provided further training to employees to reduce the likelihood of similar errors in the future.

Texas Health and Human Services Commission Breach Affects More Than 3,300 Patients

The Texas Health and Human Services Commission (HHSC) has discovered an impermissible disclosure of the personal information of 3,392 individuals. On January 11, 2024, a member of staff emailed spreadsheets containing sensitive information to a personal email account. The spreadsheets contained the personal information of people who live in or around Tyler, Texarkana, Longview, Marshall, Beaumont, and Nacogdoches, and included full names, addresses, telephone numbers, financial information, health information, Medicaid numbers, and Social Security numbers. The spreadsheets were sent in several emails between September 2023 and October 2023.

The investigation into the breach concluded on February 2, 2024, and notification letters have now been mailed to the affected individuals, who have been offered 12 months of free credit monitoring services. HHSC said it has found no evidence to suggest that the spreadsheets have been shared with any other individuals or that the information has been misused. Additional training has been provided to the workforce to remind staff members of the importance of protecting confidential information.

UT Southwestern Medical Center Reports Software-Related Data Breach

UT Southwestern Medical Center has recently reported a breach to the Texas Attorney General that involved the protected health information of 2,094 individuals. Little information about the data breach has been disclosed at this stage, but the medical center has confirmed that the breach was not due to a cyberattack and was related to the internal use of unapproved software. The information that was involved included names, addresses, dates of birth, medical information, and health insurance information. UT Southwestern Medical Center individual notifications are currently being prepared and will be mailed shortly.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist