UCSF Notifies Individuals Regarding Cybersecurity Incident

UC San Francisco is notifying individuals about a cybersecurity incident that may have impacted their personal information.

On June 1, 2020, UCSF detected a cybersecurity attack that occurred in a limited part of the UCSF School of Medicine’s IT environment. In response to this incident, UCSF immediately launched a thorough internal investigation and notified law enforcement. We also retained a leading cyber-security consultant and other outside experts to assist in our investigation and reinforce our IT systems’ defenses.

The personal information potentially impacted in this incident includes a range of records for current and former UCSF employees, students, collaborators, and research participants which may have included individuals’ names, social security numbers, government ID numbers, medical information, health insurance ID numbers, and/or financial information.

While there is no evidence that any personal information involved in the incident has been misused, we are responding with the highest level of caution and concern. UCSF is committed to maintaining the privacy and security of personal information, and we regularly review our policies and protocols to protect such information.

Those whose personal information may have been impacted by this cybersecurity incident are being notified by letter. A dedicated phone line, 1-800-939-4170, has been established to provide information and assistance to those who receive these notification letters or whose information was potentially involved.