The academic health system of UC San Diego is making an undisclosed number of patients, employees, and students aware that their information may have been accessed between December 2^nd, 2020, and April 8^th, 2021, during a phishing attack. The threat actors were able to view the information through an employee email account that they had unauthorized access to. Information that may have been viewed includes full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password. Access to the email accounts have now been terminated and law enforcement agencies have been notified. The health system does not believe the information has been misused at this time. A spokesperson also stated, “In addition to notifying individuals whose personal information may have been involved, UC San Diego Health has taken remediation measures which have included, among other steps, changing employee credentials, disabling access points, and enhancing our security processes and procedures.”