UCLA Health Settles $7.5M Lawsuit Over Data Breach

The data breach was discovered in 2014 and affected the personal information, including Social Security numbers, of nearly 4.5 million UCLA Health patients.

UCLA Health has settled a class action lawsuit filed by the victims of a data breach from October 2014.

UCLA Health will pay $7.5 million to settle the lawsuit, reports the HIPAA Journal.

Suspicious activity was discovered on UCLA Health’s network in 2014, and the FBI began a full investigation, which confirmed that hackers had gained access.

At the time, it was believed that the hackers did not have access to the part of the network where patients’ medical information was stored. However, in May 2015, UCLA Health confirmed that hackers, in fact, had gained access to patients’ health information.

Names, addresses, dates of birth, Medicare IDs, health insurance information and Social Security numbers were potentially compromised for 4.5 million UCLA Health patients.

The Department of Health and Human Services’ Office for Civil Rights investigated the breach and deemed both the hospital’s response to the breach and its post-breach security improvements satisfactory.

No financial penalties were brought against UCLA Health. However, the victims of the breach still filed a class action lawsuit, alleging that UCLA Health failed to inform them of the breach in a timely manner.

The victims also claimed violations of contracts and of California’s privacy laws, and that UCLA Health failed to protect patient privacy.

Patients were not told about the breach until July 15, 2015. While this does not violate HIPAA’s 60-day notification requirement, plaintiffs still believed that they should have been notified more quickly because the initial breach took place nine months before.

Under the terms of the settlement, all victims can claim two years of free credit monitoring and identity theft protection services. Patients can also claim up to $5,000 to cover protection costs and up to $20,000 for any losses or damages caused by identity fraud.

Two million of the $7.5 million has been set aside for patient claims and the remaining $5.5 million will be put into a cybersecurity fund.

About the Author


Katie Malafronte is Campus Safety's Web Editor. She graduated from the University of Rhode Island in 2017 with a Bachelor's Degree in Communication Studies and a minor in Writing & Rhetoric. Katie has been CS's Web Editor since 2018.

One response to “UCLA Health Settles $7.5M Lawsuit Over Data Breach”

  1. Angie Carter says:

    I received a notice from a group claiming that I could sign on to this suit. How do I know it’s not a fraud?
