"UCHealth, UCLA Health Report Healthcare Data Breaches"

UCHealth in Aurora, Colorado, recently reported a third-party data breach to HHS that impacted 48,879 individuals.  According to its notice to patients, UCHealth was informed by software company Diligent that some patient, provider, and employee data may have been involved in a security incident.  Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded, including UCHealth files.  UCHealth noted that this incident did not impact its systems, including its email and electronic medical record.  The information potentially downloaded by the cybercriminal may have included names, addresses, treatment-related information, and dates of birth, as well as Social Security numbers and financial information in some cases.  UCLA Health also recently notified 94,000 individuals of a recent healthcare data breach stemming from its use of analytics tools, such as tracking pixels.  UCLA Health did not mention Meta specifically but noted that the use of analytics tools on an appointment request form completed on its website or mobile app may have captured and transmitted to its third-party service providers certain limited information.  The company began using analytics tools on its public website and mobile app in April 2020 with the goal of understanding how its community interacted with them.  When in June 2022, UCLA Health learned of concerns relating to the use of these analytics tools by healthcare providers, it disabled them.  The appointment request forms containing analytics tools potentially captured information on third-party cookies,  provider names and specialties, and hashed value form fields that included names, email addresses, phone numbers, mailing addresses, and gender.  These analytics tools never captured Social Security numbers, financial account numbers, or debit/credit card information.  

Health IT Security reports: "UCHealth, UCLA Health Report Healthcare Data Breaches"