Late last week, it was determined that a UC Davis physician's work email account was accessed by an unknown source. UC Davis Health System has notified 1,326 patients who had their personal or medical information included in an email within the compromised account. This event did not involve access to the electronic health records of patients, patients' Social Security numbers or patients' personal financial information.
A member of the UC Davis Information Technology team first noticed the problem when abnormal activity was detected in the physician's email account.
Data security experts are unable to determine the exact nature of the breach or whether any messages were specifically read, but it was determined that the physician's email was compromised by an unknown source, resulting in the potential impermissible access to this email account.
UC Davis Health System’s email program is encrypted, and there are measures in place to prevent intrusions like this one including email filtering and cyber surveillance from occurring. Immediate actions to protect patient privacy -- including blocking access by the unauthorized user and changing the account credentials -- were taken when it was discovered that the email account had been compromised.
UC Davis Health System has notified, or will be notifying, several government agencies – such as the California Department of Public Health, California Attorney General’s office and the federal Office for Civil Rights – about this incident.
Patients with questions about the incident may call the health system’s Compliance Department at (916) 734-8808 for additional information or advice.