The Sacramento, Calif.-based UC Davis Health System is notifying patients of a potential data breach after an unknown source hacked into the email account of one of the health system’s physicians.
On Sept. 26, a member of UC Davis’ IT team detected “abnormal activity” in the email account of one its providers. After further investigation, it was determined that the email account was compromised. Since UC Davis is unable to determine the exact nature of the access by this unauthorized third-party, it has decided to send a letter to all patients who had information about them included in the email account. News media outlets have reported that this letter has been sent to 1,326 patients.
According to the letter, UC Davis providers sometimes use their UC Davis email for patient care purposes. For example, staff may communicate about upcoming appointments, or providers might discuss patient care during a consult or referral. When this happens, limited amounts of patient information may be included in the provider’s email account. UC Davis officials say there was no financial, billing, social security or other identifying information about any patient in the email.
Earlier this year, the health system reported another data breach after an internet phishing scam affected three UC Davis clinicians in December 2013. That breach involved approximately 2,000 patients.