Group items tagged

"UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained "temporary access to emails containing their personal information" as a result of a late September phishing scam. The breach occurred about three months ago, and was investigated in mid-October, but wasn't disclosed to the public until Dec. 15. Corinna Kaarlela, UCSF's news director, told the San Francisco Business Times late Tuesday that individuals whose data may have been compromised were notified between Oct. 21, when an in-depth investigation began, and Dec. 11, when it was completed. UCSF said Tuesday that an unnamed faculty physician in the School of Medicine was victimized in late September by the alleged scam. The physician provided a user name and password in response to an email message fabricated by a hacker, that appeared as if it came from those responsible for upgrading security on UCSF internal computer servers. UCSF's Enterprise Information Security unit subsequently identified the breach and disabled the compromised password. UCSF says it conducted an investigation and in mid-October determined that emails in the physician's account ─ including some containing demographic and clinical information and, in a few cases, Social Security numbers ─ may have been exposed."