5 May, 2026

Medical Portal Impersonation Leads to WIPO Domain Transfer for UC Regents

UDRP Cases

The Regents of the University of California successfully secured the transfer of the domain ucsfmychart.net. The respondent, Mark Leonardo, had set up a copycat website that used official UCSF trademarks and actual contact details to impersonate the university’s MyChart patient portal. WIPO Panelist Nick J. Gardner ordered the transfer after finding the site was configured to deceive patients and harvest sensitive credentials.

Case Snapshot

Case Number D2025-4593
Complainant The Regents of the University of California
Respondent Mark Leonardo
Disputed Domain
ucsfmychart.net
Threat Tactic Corporate Impersonation
Decision Date 2025-12-23
Panelist Nick J. Gardner
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4593

Exploitation of Trust: Patient Portal Impersonation and Credential Hazards

The unauthorized registration and alignment of the disputed domain ucsfmychart.net creates a critical threat to institutional reputation and consumer confidence within the healthcare sector. Patients rely on specialized digital systems like ‘MyChart’ to access sensitive medical records and execute financial transactions. By integrating the core ‘UCSF’ trademark with this specific portal descriptor, the website directly targeted individuals seeking authentic UCSF Health services. Because the site featured unauthorized UCSF and UCSF HEALTH trademarks and reproduced the Complainant’s actual contact information, it established an illusion of legitimacy, capitalizing on an organization ranked among the top hospitals in the United States.

From a risk perspective, this specific tactic of duplicating official portals serves as an active vector for credential harvesting, even though the record does not document active phishing campaigns, specific visitor counts, or confirmed financial losses. The structural imitation of a login portal exposes users to the unauthorized interception of their confidential health and payment information. This case highlights how malicious actors move beyond simple brand typosquatting to replicate specific operational interfaces, which severely dilutes patient trust and demands continuous, proactive monitoring from brand protection teams.

Additionally, defending against these targeted copycat sites introduces substantial operational and legal burdens. When bad actors register highly specific service-brand combinations, organizations are forced to allocate resources to neutralize the threat before actual security breaches occur. Even when a respondent attempts to deflect scrutiny by claiming an educational intent—as seen in the informal communications here—the physical configuration of the website to mimic a secure portal reveals the underlying commercial and reputational risk that brand owners must rapidly address through UDRP proceedings.

Strategy Breakdown: Neutralizing Educational Pretexts in Portal Impersonation Disputes

The Complainant’s strategy succeeded by demonstrating how the targeted addition of a specific service name to a core trademark heightens consumer confusion. By incorporating the registered UCSF trademark in its entirety alongside the term ‘mychart’—the exact name of the Complainant’s patient portal—the disputed domain <ucsfmychart.net> created an immediate, deceptive association with the official healthcare service. For brand owners and IP professionals, this case illustrates the utility of tracking and policing highly specific service-oriented domain variations, as panels recognize that appending an operational platform name to a core trademark inherently targets the brand’s primary service delivery channel.

Furthermore, the Complainant successfully defeated the Respondent’s informal defense, which asserted via email that the domain was meant solely for sharing educational information. The Complainant countered this claim by submitting concrete evidence of the website’s configuration, which featured unauthorized UCSF and UCSF HEALTH trademarks, mimicked the official patient portal, and displayed the Complainant’s actual contact information. Panelist Nick J. Gardner rejected the educational pretext, finding that the website was engineered to mislead users into providing confidential medical and financial details. This underscores a critical precedent: administrative panels will dismiss informal claims of educational or fair use when the physical evidence of the website setup reveals an intent to facilitate deceptive credential harvesting.

Practical Recommendations

  • Pre-emptively register defensive domains that combine core brand trademarks with specific names of critical patient, customer, or employee portals (such as ‘[brand]mychart’, ‘[brand]login’, or ‘[brand]portal’) across primary TLDs to prevent bad actors from registering them.
  • Configure domain brand-monitoring programs to specifically target high-risk combinations of core trademarks and operational keywords (e.g., ‘portal’, ‘login’, ‘support’) to ensure early detection of phishing-ready infrastructure.
  • Preserve immediate, timestamped evidence of copycat websites that misuse authentic organizational contact info and logos, as presenting these facts in a UDRP complaint effectively refutes informal, bad-faith claims of ‘educational’ or ‘non-commercial’ intent.
  • Establish a high-priority enforcement protocol for any newly registered domains that target critical user gateways, allowing the IP security team to quickly initiate registrar abuse reports or fast-tracked UDRP complaints to preempt credential harvesting.

Frequently Asked Questions (FAQ)

Why was the domain ‘ucsfmychart.net’ considered confusingly similar to the University of California’s trademarks?

The WIPO Panel determined that the domain incorporated the Complainant’s ‘UCSF’ trademark in its entirety while appending ‘mychart,’ which is the specific name of the university’s actual patient portal service. This combination creates a high probability that consumers would mistakenly associate the domain with the official UCSF Health infrastructure.

How did the Panel establish that the Respondent lacked rights or legitimate interests in the domain?

The Panel found that the Respondent, Mark Leonardo, had no affiliation or authorization from the University of California to use their marks. Because the Respondent was not commonly known by the name ‘ucsfmychart’ and the site was not used for a legitimate non-commercial or fair use purpose, the Respondent failed to demonstrate any legitimate interest.

What evidence was used to prove the domain was registered and used in bad faith?

Bad faith was confirmed because the website associated with ‘ucsfmychart.net’ mimicked the appearance of the official UCSF Health MyChart portal, utilized the university’s authentic contact information, and displayed unauthorized trademarks to lure users into potentially disclosing sensitive medical and financial data.

How did the Panel treat the Respondent’s claim that the site was intended for ‘educational purposes’?

The Panel rejected the Respondent’s informal email defense, which claimed the domain was merely for sharing educational information. The content of the website—specifically its deceptive impersonation of the official patient portal—directly contradicted the Respondent’s stated intent, supporting the Panel’s conclusion that the domain was a tool for phishing.

Facing corporate impersonation through a domain?

Protect your organization’s digital identity and patient trust. Our legal experts can help you assess domain threats and navigate the UDRP process to secure unauthorized domains.

Assess impersonation threat

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.