SAN DIEGO—The University of California–San Diego (UCSD) Health March 16 notified patients that a third-party vendor used analytics tools on scheduling websites for Urgent Care and Express Care clinics, the information captured on which was then transmitted to other companies.
Solv Health hosted and managed UCSD Health’s scheduling websites for the Urgent Care in La Jolla at 8910 Villa La Jolla Drive and five locations of Express Care clinics:
- Downtown San Diego, 203 West F St.
- Encinitas, 1505 Encinitas Blvd.
- Eastlake/Chula Vista, 2295 Otay Lakes Road, Suite 110
- Pacific Highlands Ranch, 6030 Village Way, Suite 200
- Rancho Bernardo, 16950 Via Tazon.
For those who used the scheduling website between Sept. 13 and Dec. 22, 2022, to book appointments for in-person or video visits at these locations, the analytics tools may have captured names, dates of birth, email addresses, IP addresses, third-party cookies, reasons for visits and insurance types.
However, these tools did not collect Social Security numbers, medical record numbers, financial account numbers, or debit and credit card information, a UCSD Health statement said. The scheduling websites were not part of the hospital system’s electronic health records systems, MyUCSDChart, and no information within MyUCSDChart was impacted by Solv Health’s use of analytics tools.
UCSD Health will mail letters on Monday to those patients with addresses on file, notifying them of the data breach.
Additionally, the hospital directed Solv Health to remove the analytics tools from the scheduling websites immediately upon the initial discovery of the issue in late December, worked with the vendor to identify those whose data may have been collected, and transitioned to a new scheduling tool for the above locations.
UC San Diego Health established a call center to answer questions regarding the breach, at 1-800-909-1243 from 6 a.m. to 8 p.m. Monday through Friday and from 8 a.m. to 5 p.m. Saturday and Sunday.