Uni warns patients after doctor gets phished
Cautionary tale ad infinitum
Officials at the University of California at San Francisco have warned 600 patients that their medical information may have been leaked by a doctor who fell for a phishing scam.
An email the unnamed physician received in September purported to come from UCSF IT workers performing an upgrade to internal servers. It asked for a user name and password and the doc complied, according to this  advisory.
In October, auditors determined that emails in the physician's account could have exposed clinical and demographic information for about 600 patients. There is no indication the emails were actually accessed.
The mishap is the latest reminder that even people in high places can fall for phishing scams. Two years ago, servers at the Oak Ridge National Laboratory were penetrated after employees opened malicious files attached to emails . More than 1,400 upper-level executives were duped into sending sensitive information  by a supposed Better Business Bureau email.
UCSF has faced security breaches before . ®