It has been revealed that UC Davis Health suffered a breach caused by a phishing email on May 15, 2017. The email allowed the attackers to gain access to the email account that is said to have included patient information, such as names, addresses, contact details, and, in some instances, social security numbers, and even diagnoses. On May 17, the attacker posed as the account owner and sent a number of emails to other UC Davis employees demanding large sums of money. This was noticed and appropriate actions were then taken to secure the account.
UC Davis Health advised that it is in the process of contacting approximately 15,000 patients to notify them of the situation:
Though there is no indication that the breach resulted in the actual acquisition of or access to personal or medical information, out of an abundance of caution, the university is notifying patients whose information was stored in the account.
As the information at risk is highly sensitive, UC Davis is offering both identity and credit protection to those potentially affected by this breach. The university has advised that there are security measures in place to prevent these kinds of events and said that “As part of the ongoing investigation, UC Davis Health is evaluating the need for additional security monitoring or education initiatives.”
Protect your company and educate your staff
Take action against the increasing threat of targeted phishing attacks by educating your employees to be vigilant and secure. Your staff are on the frontline: give them the awareness training they need by enrolling them on our Phishing Staff Awareness Course.