uc davis data breach

UC Davis Health Suffers Data Breach

On July 25, 2023, UC Davis Health, part of the expansive University of California health system, including UC Davis Medical Center, confirmed it had fallen victim to a data breach.

The health care provider, offering services to 33 counties and an estimated 6 million residents across Northern and Central California, pinpointed the breach to unauthorized access to an employee’s email account.

The UC Davis Health Data Breach Notice detailed how the institution’s IT Security team became aware of the violation. According to the Notice, a compromised email account that was used for coordinating follow-up patient care, containing personally identifiable information, was the source of the breach.

While the security team claimed to have detected the breach ‘quickly’, freezing the employee’s credentials without delay, the reason for the two-month gap between the discovery of the breach and its public disclosure remains unexplained. At present, notification letters are being dispatched to the affected patients and their families, where applicable.

UC Davis Health is offering complimentary 12-month credit monitoring services to affected individuals through Experian.

Californians: Safeguarded by State Laws

If you received a Notice of Data Breach from UC Davis Health, you may be entitled to $1,000 plus actual damages resulting from the negligent release of your confidential information.

California has unique state laws, including the California Confidentiality of Medical Information Act (CMIA) that compensate individuals whose confidential and sensitive data have been accessed by cyber-attackers.

Legal Rights and Remedial Steps

Participants in data breach lawsuits can seek compensation, injunctive relief and any other remedies a court deems appropriate.

After a Data Breach: What Next?

In the wake of a data breach, it’s crucial for those affected to take measures to protect their personal information. The steps may include:

  1. Purchasing credit monitoring services.
  2. Ordering and reviewing your annual free credit reports from the three major credit bureaus — Experian, TransUnion, and Equifax.
  3. Regularly scrutinizing account statements for suspicious activity.
  4. Setting a “fraud alert” with one of the three major credit bureaus.
  5. Implementing a “security freeze” on your credit report.
  6. Acquiring an “identity protection pin” from the IRS.
  7. Securing legal representation.

Differentiating Between “Credit Freeze” and “Fraud Alert”

A credit freeze is the strongest step you can take to prevent fraudulent accounts being opened under your name. It restricts credit bureaus from sharing your information with third parties. However, it doesn’t affect your ability to use active credit cards or your credit score, and it costs nothing to implement.

A fraud alert is a warning to potential credit providers that your identity may have been compromised. It lasts between one to seven years and can be lifted anytime. Once placed with one credit bureau, it is automatically implemented with the other two.

Deciphering “Identity Protection PIN”

An Identity Protection PIN (IP PIN), a six-digit number issued by the U.S. Internal Revenue Service, safeguards your Social Security number or Individual Taxpayer Identification Number from fraudulent tax return filings. An IP PIN is valid for a calendar year and is renewed annually by the IRS for participating accounts.

Helping You Navigate Your Rights

Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you should seek compensation under the CMIA.