Class Action Lawsuit Filed Against UC San Diego Health for Data Breach Involving Medical Information

On September 20, 2021, Stueve Siegel Hanson filed a class action lawsuit against UC San Diego Health relating to a data breach impacting patients’ financial, treatment, and medical information.

On July 27, 2021, UC San Diego Health announced on its website that hackers had gained access to its internal email networks through a successful "phishing" attack. Between December 2, 2020 and April 8, 2021, the hackers accessed and exfiltrated the most sensitive information possible, including full names, addresses, dates of birth, claims information, laboratory results, medical diagnosis and conditions, prescription information, treatment information, medical information, Social Security numbers, payment card numbers, financial account numbers and security codes, student ID numbers, and usernames and passwords.

UC San Diego Health subsequently provided individual notice to affected class members, who are now at serious risk. The lawsuit alleges that UC San Diego Health failed to implement reasonable security procedures and practices, failed to provide its employees with basic cybersecurity training designed to prevent “phishing” attacks, failed to take adequate steps to monitor for and detect unusual activity on its servers, failed to disclose material facts surrounding its deficient data security protocols, and failed to timely notify the victims of the breach.

Stueve Siegel Hanson filed the lawsuit against UC San Diego Health in the U.S. District Court for the Southern District of California. Among other claims, the lawsuit asserts claims for negligence, unjust enrichment, and violations of the California Consumer Privacy Act and seeks damages and injunctive relief resulting from the breach.

If you received a notification letter from UC San Diego Health and want to join the case, please contact attorney Austin Moore at 816.714.7105 or fill out a contact us form below.