Hackers breach University Health Services databases
Medical treatment records not accessed in overseas criminal attack
UC Berkeley computer administrators determined on April 21, 2009, that electronic databases in University Health Services had been breached by overseas criminals. The databases stored personally identifiable information used for billing such as Social Security numbers, and non-treatment medical information such as immunization history, UHS medical record number, dates of visits or names of providers seen, or for participants in the Education Abroad Program, certain information from the self-reported health history.
UHS electronic medical records, which include details of patients' diagnoses, treatments and therapies, are stored in a separate system and were not affected in this incident.
The university is sending notification letters and emails to those affected, which includes current and former students (as well as their parents and spouses if linked to insurance coverage) who had UHS health care coverage or received services. It is also sending notification letters to Mills College students who received, or were eligible to receive, healthcare on the UC Berkeley campus.
Campus police detectives and the FBI have been alerted.
The university sincerely regrets and apologizes for any difficulty this theft may create for individuals who may have had their personal information exposed.
To ensure that the university fully understands the nature of the security breach, and to determine the steps that can be taken to minimize the risk of a reoccurrence, the university has hired data security experts to support its ongoing investigation of the incident. The campus is committed to implementing recommendations that address the root causes of this security breach.