Hackers compromised the email accounts of three UC Davis doctors last month, potentially gaining access to personal or medical information on as many as 1,800 patients, the university announced Monday.
The UC Davis Health System said it has begun notifying the 1,800 patients who may have been affected.
The university said the hackers weren’t able to penetrate patients’ electronic medical records or gain access to any credit card or Social Security numbers.
“There was no breach in our health system database,” said UC Davis spokesman Charles Casey.
Casey said there has been no evidence that any patient information had actually fallen into hackers’ hands, but the university is continuing to investigate.
The attack took place in mid-December. The three doctors, who names were not released, realized something was wrong when they discovered that some of their emails were deleted. They also discovered that their email address was being used to send messages to people outside the health system.
UC Davis said the attack was a phishing scam, in which someone is sent an email that looks legitimate. According to a statement on the health system’s website, data security experts were unable to determine the exact nature of the breach or whether any email messages were specifically read. However, it said, “the automated nature of typical phishing scams makes it unlikely that content from individual messages was viewed. The content of patient information in the emails consisted primarily of name, medical record number and limited information associated with a clinic visit or hospital admission.”
Any patients with questions about the incident can call the university’s compliance department at (916) 734-8808.