Some UCSD Health customer information, including the location in La Jolla, is collected and sent to third parties.

UC San Diego Health said a third-party vendor used analytics tools on scheduling websites for an urgent care clinic in La Jolla and five Express Care clinics to collect data and pass it on to other companies.

Solv Health hosted and managed the UCSD Health Schedule sites for the urgent care location at 8910 Villa La Jolla Drive and Express Care clinics in downtown San Diego, Enchitas, Chula Vista, Pacific Highlands Ranch and Rancho Bernardo in La Jolla.

The analytics tools may include names, birthdays, email addresses, IP addresses, third-party cookies, visit reasons and insurance types for people who used the scheme’s website to book an appointment between September 13 and December 22. In person or video tours of those areas.

But the devices did not collect Social Security numbers or medical record and financial account numbers or debit/credit card information, according to a statement from UCSD Health. The plan’s websites were not part of the health system’s electronic health records system, called MyUCSDChart, and no data on MyUCSDChart was affected by the use of Solve Health’s analytics tools, the statement said.

UCSD Health said it will send letters to patients with addresses on file on Monday, March 20, notifying them of the data breach.

UCSD Health also said the system immediately removed Solve Health’s analytics tools from plan websites after the problem was discovered in late December, and has worked with the vendor to identify the people whose data was collected. It also moved to a new scheduling tool for affected areas.

UCSD Health has established a call center for questions about the breach at (800) 909-1243. It is open Monday through Friday from 6 a.m. to noon and Saturday and Sunday from 8 a.m. to 5 p.m. ◆