UC San Diego Health reports that a third-party vendor used analytics tools on scheduling websites for the La Jolla Emergency Clinic and five Express Care clinics elsewhere in San Diego County, collected information, and then shared it with other companies.
Solv Health hosted and operated the UCSD Health scheduling websites for La Jolla Emergency Rooms at 8910 Villa La Jolla Drive and Express Care Clinics in Downtown San Diego, Encinitas, Chula Vista, Rancho Pacific Highlands, and Rancho Bernardo.
The analytics tools may capture names, dates of birth, email addresses, IP addresses, third-party cookies, reasons for visits, and insurance types for people who used the scheduling website between September 13 and December 22 to make an appointment. person or video visiting these places.
However, according to a statement from UCSD Health, the tools did not collect social security numbers, medical records and financial account numbers, or debit/credit card information. The statement said the planning websites were not part of the health system’s electronic health record system called MyUCSDChart, and none of the information in MyUCSDChart was affected by the use of Solv Health’s analytics tools.
UCSD Health said it will send emails to patients on Monday, March 20 to notify them of the data breach.
In addition, the system ordered Solv Health to remove analytics tools from scheduling websites immediately after initially discovering the problem in late December, UCSD Health said, and has been working with the vendor to identify people whose data may have been collected. It also moved to a new planning tool for affected locations.
UCSD Health has set up a call center for hacking questions at (800) 909-1243. It is open from 06:00 to 20:00 Monday to Friday and from 08:00 to 17:00 on Saturdays and Sundays. ◆