Phishing Attacks Reported by UC San Diego Health and UnitedHealthcare

UC San Diego Health has discovered unauthorized individuals gained access to the email accounts of some of its employees and may have accessed or exfiltrated emails containing patient data. The email accounts were compromised as a result of employees responding to phishing emails and disclosing their email credentials.

The email environment has now been secured and additional measures have been implemented to improve security. The investigation into the breach revealed the first email account was compromised on December 2, 2020, and others were compromised up until April 8, 2020.

At this stage, no evidence has been found to indicate any emails or email attachments were subjected to unauthorized access between December 2020 and April 2021, and no reports have been received that suggest the protected health information (PHI) of patients has been misused; however, it was not possible to rule out unauthorized PHI access and data exfiltration.

The investigation into the breach is ongoing to identify exactly what happened and the information that has been affected. Notification letters will be sent to all affected individuals once the forensic investigation is completed. The full review of affected email accounts is expected to take until September. Individual notifications will be issued no later than September 30, 2021. Affected individuals will be offered a complimentary membership to credit monitoring services for 12 months.

UC San Diego Health explained in its substitute breach notice that the following types of information were contained in the compromised email accounts: full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.

Community members have been warned to be vigilant and to monitor their financial accounts and explanation of benefits statements for signs of identity theft or other fraudulent activity.

UnitedHealthcare Reports Breach Affecting 2,330 Plan Members

The health plan provider UnitedHealthcare has announced the protected health information of 2,330 plan members has been exposed in a phishing attack on one of its insurance brokers – Academic HealthPlans, Inc. (AHP).

AHP identified suspicious activity in its email system on June 21, 2021. Steps were immediately taken to block further unauthorized access and an investigation was launched to determine the nature and extent of the breach. AHP determined that two employee email accounts had been compromised after the employees responded to phishing emails and that email accounts were subject to unauthorized access between August 6, 2020 and August 24, 2020 and on October 2, 2020. The security breach was limited to the Microsoft 365 cloud-based email system.

A review of the email accounts revealed they contained names, member identification numbers, Social Security Numbers, credit/debit card information, dates of birth, addresses, plan information, and claim information. Notification letters were sent to affected individuals on July 20, 2021 and a complimentary 2-year membership to identity theft protection services has been offered to affected individuals. AHP found no evidence suggesting emails in the account had been viewed or acquired.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.