How Could the Breach Have Been Prevented?
According to the health data breach lawsuit, patients claim that UC San Diego Health neglected their responsibility to protect the privacy and security of their private information. Since the breach went undetected for so long the patients allege that, had UC San Diego Health implemented more sophisticated breach detection technology, the breach would have been detected sooner, mitigating the scope of the breach. The patients also claim that UC San Diego Health failed to provide them with timely notification that their information had been compromised since they did not start informing affected patients until five months after the breach was detected.
San Diego attorney Jason Hartley stated, “Patients should trust that their most private medical results will not be made public and that their medical visits will not leave them at risk for identity theft. This breach was preventable had UC San Diego Health had the right data protection protocols in place.”
Since discovering the breach, UC San Diego Health has implemented new security measures, “While there are a number of safeguards in place to protect information from unauthorized access, UC San Diego Health is also always working to strengthen them so we can further minimize the risk of this type of threat activity,” the system said in a statement.