The Regents of the University of California successfully secured the transfer of the domain ucsfmychart.net. The respondent, Mark Leonardo, had set up a copycat website that used official UCSF trademarks and actual contact details to impersonate the university’s MyChart patient portal. WIPO Panelist Nick J. Gardner ordered the transfer after finding the site was configured to deceive patients and harvest sensitive credentials.
Case Snapshot
| Case Number | D2025-4593 |
|---|---|
| Complainant | The Regents of the University of California |
| Respondent | Mark Leonardo |
| Disputed Domain | ucsfmychart.net |
| Threat Tactic | Corporate Impersonation |
| Decision Date | 2025-12-23 |
| Panelist | Nick J. Gardner |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4593 |
Exploitation of Trust: Patient Portal Impersonation and Credential Hazards
The unauthorized registration and alignment of the disputed domain ucsfmychart.net creates a critical threat to institutional reputation and consumer confidence within the healthcare sector. Patients rely on specialized digital systems like ‘MyChart’ to access sensitive medical records and execute financial transactions. By integrating the core ‘UCSF’ trademark with this specific portal descriptor, the website directly targeted individuals seeking authentic UCSF Health services. Because the site featured unauthorized UCSF and UCSF HEALTH trademarks and reproduced the Complainant’s actual contact information, it established an illusion of legitimacy, capitalizing on an organization ranked among the top hospitals in the United States.
From a risk perspective, this specific tactic of duplicating official portals serves as an active vector for credential harvesting, even though the record does not document active phishing campaigns, specific visitor counts, or confirmed financial losses. The structural imitation of a login portal exposes users to the unauthorized interception of their confidential health and payment information. This case highlights how malicious actors move beyond simple brand typosquatting to replicate specific operational interfaces, which severely dilutes patient trust and demands continuous, proactive monitoring from brand protection teams.
Additionally, defending against these targeted copycat sites introduces substantial operational and legal burdens. When bad actors register highly specific service-brand combinations, organizations are forced to allocate resources to neutralize the threat before actual security breaches occur. Even when a respondent attempts to deflect scrutiny by claiming an educational intent—as seen in the informal communications here—the physical configuration of the website to mimic a secure portal reveals the underlying commercial and reputational risk that brand owners must rapidly address through UDRP proceedings.
Panel Analysis of Brand-Plus-Service Impersonation and Pretextual Defenses
Under the first element of the UDRP, Panelist Nick J. Gardner evaluated the confusing similarity of the disputed domain, <ucsfmychart.net>, by examining the integration of the Complainant’s core mark with an operational terms-of-art suffix. The Panel found that the domain incorporates the registered UCSF trademark in its entirety and appends the term ‘mychart’, which is the specific name of the university’s patient portal service. Because the Complainant has established rights in the UCSF mark, the addition of this descriptive service name does not prevent a finding of confusing similarity; rather, it increases the likelihood that consumers will believe the domain is officially associated with the university’s actual healthcare services.
Regarding rights or legitimate interests, the Panelist addressed and rejected the Respondent’s informal email defense. Although the Respondent claimed the domain was registered solely to ‘share educational information’, the case record demonstrates that the Respondent was not affiliated with the Complainant, was not commonly known by the name ‘ucsfmychart’, and possessed no license to use the UCSF marks. When a respondent sets up a website that mimics an official corporate portal while asserting an educational purpose, panels look to the actual operational character of the destination site. The blatant copying of the Complainant’s intellectual property and portal styling defeated any claim to a bona fide noncommercial or fair use.
In the bad faith assessment, the Panel focused on the deceptive configuration of the associated website, which prominently displayed unauthorized UCSF and UCSF HEALTH marks and utilized the Complainant’s actual physical contact details. This complete corporate impersonation was designed to mislead visitors into believing they were interacting with the genuine UCSF Health MyChart portal, establishing a highly convincing layout capable of facilitating credential harvesting. Although the administrative record contains no proof that any patients actually fell victim, that phishing emails were sent, or that financial losses occurred, the setup of this fraudulent infrastructure using authentic corporate identifiers is sufficient to find registration and use in bad faith.
Strategy Breakdown: Neutralizing Educational Pretexts in Portal Impersonation Disputes
The Complainant’s strategy succeeded by demonstrating how the targeted addition of a specific service name to a core trademark heightens consumer confusion. By incorporating the registered UCSF trademark in its entirety alongside the term ‘mychart’—the exact name of the Complainant’s patient portal—the disputed domain <ucsfmychart.net> created an immediate, deceptive association with the official healthcare service. For brand owners and IP professionals, this case illustrates the utility of tracking and policing highly specific service-oriented domain variations, as panels recognize that appending an operational platform name to a core trademark inherently targets the brand’s primary service delivery channel.
Furthermore, the Complainant successfully defeated the Respondent’s informal defense, which asserted via email that the domain was meant solely for sharing educational information. The Complainant countered this claim by submitting concrete evidence of the website’s configuration, which featured unauthorized UCSF and UCSF HEALTH trademarks, mimicked the official patient portal, and displayed the Complainant’s actual contact information. Panelist Nick J. Gardner rejected the educational pretext, finding that the website was engineered to mislead users into providing confidential medical and financial details. This underscores a critical precedent: administrative panels will dismiss informal claims of educational or fair use when the physical evidence of the website setup reveals an intent to facilitate deceptive credential harvesting.
Practical Recommendations
- Pre-emptively register defensive domains that combine core brand trademarks with specific names of critical patient, customer, or employee portals (such as ‘[brand]mychart’, ‘[brand]login’, or ‘[brand]portal’) across primary TLDs to prevent bad actors from registering them.
- Configure domain brand-monitoring programs to specifically target high-risk combinations of core trademarks and operational keywords (e.g., ‘portal’, ‘login’, ‘support’) to ensure early detection of phishing-ready infrastructure.
- Preserve immediate, timestamped evidence of copycat websites that misuse authentic organizational contact info and logos, as presenting these facts in a UDRP complaint effectively refutes informal, bad-faith claims of ‘educational’ or ‘non-commercial’ intent.
- Establish a high-priority enforcement protocol for any newly registered domains that target critical user gateways, allowing the IP security team to quickly initiate registrar abuse reports or fast-tracked UDRP complaints to preempt credential harvesting.
Frequently Asked Questions (FAQ)
Why was the domain ‘ucsfmychart.net’ considered confusingly similar to the University of California’s trademarks?
The WIPO Panel determined that the domain incorporated the Complainant’s ‘UCSF’ trademark in its entirety while appending ‘mychart,’ which is the specific name of the university’s actual patient portal service. This combination creates a high probability that consumers would mistakenly associate the domain with the official UCSF Health infrastructure.
How did the Panel establish that the Respondent lacked rights or legitimate interests in the domain?
The Panel found that the Respondent, Mark Leonardo, had no affiliation or authorization from the University of California to use their marks. Because the Respondent was not commonly known by the name ‘ucsfmychart’ and the site was not used for a legitimate non-commercial or fair use purpose, the Respondent failed to demonstrate any legitimate interest.
What evidence was used to prove the domain was registered and used in bad faith?
Bad faith was confirmed because the website associated with ‘ucsfmychart.net’ mimicked the appearance of the official UCSF Health MyChart portal, utilized the university’s authentic contact information, and displayed unauthorized trademarks to lure users into potentially disclosing sensitive medical and financial data.
How did the Panel treat the Respondent’s claim that the site was intended for ‘educational purposes’?
The Panel rejected the Respondent’s informal email defense, which claimed the domain was merely for sharing educational information. The content of the website—specifically its deceptive impersonation of the official patient portal—directly contradicted the Respondent’s stated intent, supporting the Panel’s conclusion that the domain was a tool for phishing.
Facing corporate impersonation through a domain?
Protect your organization’s digital identity and patient trust. Our legal experts can help you assess domain threats and navigate the UDRP process to secure unauthorized domains.
This case note is for informational purposes only and is not legal advice.



