UCSF Doctor Puts Patient Data at Stake
As per the details given by the University of California, San Francisco (UCSF), a faculty doctor granted an easy access to the personal details of around 600 patients to hackers by responding to a phishing e-mail.
It was somewhere in September 2009 that the breach occurred and was investigated in October 2009. However, the public was not informed of the case until December 15, 2009.
The doctor accountable for the breach was not identified by the University. He replied to a fake e-mail that was after username and password details. The message was so titled that it appeared to come from UCSF employees upgrading the security on the University's computer system.
The breach was subsequently detected by the Enterprise Information Security Unit of UCSF and rendered the compromised password disable.
Corinna Kaarela, news director, UCSF, noted that the individuals whose details were suspected of being compromised were informed between October 21 (the day detailed investigation took off) and December 11, 2009 (the day the investigation came to an end), as per the news published by San Francisco Business Times on December 15, 2009.
However there are no implications of the hackers accessing the e-mails containing demographic and clinical details in most instances, but UCSF suggested these people to have a look at the "explanation of benefits" sent by the health insurer. They are also advised to review the payments they are unable to recognize; in case, any unusual payment to their health insurer or provider is found, they should report it immediately.
UCSF emphasized that it is a part of the recent series of phishing scams aimed at financial institutes, universities and large companies, quoting the Anti-Phishing Working Group.
For those having additional queries regarding the breach, UCSF has set up a toll-free helpline number (1-888-689-8273). According to the officials at the UCSF, employees are being re-educated about ensuring the protection of their usernames and passwords from such scams. The University has also released samples of phishing e-mails so as to increase users' awareness.
Related article: UCSF Server Holding Personal Information Encounters Hack
» SPAMfighter News - 26-12-2009