Cyber Incident Victim: UC Davis Health System
Date: Sep 2014
Location: United States of America
Summary
An unauthorized party gained access to a physician's work email account at UC Davis Health System, potentially exposing personal or medical information of 1,326 patients. The account contained messages with patient data; electronic health records, Social Security numbers, and financial information were not affected. A member of the IT staff noticed abnormal activity in the account, after which access was blocked and the credentials were reset immediately. The organization notified all affected individuals and pointed to its existing controls, including email encryption, filtering, and surveillance. Investigators could not confirm whether any specific message was viewed, nor determine how the account was compromised.
Description
In late September to early October 2014, UC Davis Health System experienced a security incident involving unauthorized access to a physician's work email account. A member of the organization's IT team detected the breach after observing abnormal activity in the account during the week of September 28 to October 4. Forensic investigation confirmed that an unknown source had compromised the account, but investigators could not determine whether specific messages were read or how the intruder obtained access. The mailbox contained personal or medical information belonging to 1,326 patients; electronic health record systems were not affected, and no Social Security numbers or financial data were accessed. UC Davis Health System publicly disclosed the incident on October 7 in a release posted on its website, stating that although its encrypted email program included protective measures such as filtering and surveillance, the breach may have resulted in impermissible access to patient information.

Upon discovering the compromise, UC Davis Health System immediately blocked access to the affected email account and changed its credentials to prevent further unauthorized use. The organization began notifying all 1,326 affected patients, although the content of those notifications was not detailed in public statements. Security experts retained by UC Davis could not conclusively establish the origin of the breach or whether patient data was actually viewed or exfiltrated. The health system emphasized that its standard email encryption and monitoring controls were active at the time of the incident. Those controls address different threats than the one that materialized here: email encryption protects message contents against interception and filtering screens inbound mail, but neither stops a party who holds valid credentials from reading the mailbox exactly as the legitimate user would, which is consistent with investigators being unable to tell from the available records whether individual messages were opened. No additional system compromises or related security events were reported in connection with this incident.
