UCLA Health Data Breach Could Affect 4.5 Million

The attackers accessed parts of the computer network that contain personal and medical information.

UCLA Health announced Friday that it was a victim of a criminal cyber attack. The attackers accessed parts of the computer network that contain personal and medical information, but, according to UCLA Health, there is no evidence that the hacker actually accessed or acquired any individual’s personal or medical information.

Data on as many as 4.5 million people may have been involved. UCLA Health is working with the FBI and has hired private computer forensic experts to further secure information on network servers.

UCLA Health includes four hospitals on two campuses – Ronald Reagan UCLA Medical Center; UCLA Medical Center, Santa Monica; Mattel Children’s Hospital UCLA; and Resnick Neuropsychiatric Hospital at UCLA – and more than 150 primary and specialty offices throughout Southern California.

UCLA Health detected suspicious activity in its network in October and began an investigation with assistance from the FBI. At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information. As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of the UCLA Health network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information. Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September.

Individuals whose information was stored on the affected parts of the network are in the process of being notified. UCLA Health is also offering all potentially affected individuals 12 months of identity theft recovery and restoration services as well as additional healthcare identity protection tools. Individuals whose Social Security number or Medicare identification number was stored on the affected parts of the network will also receive 12 months of credit monitoring.

A press release for the organization stated that UCLA Health identifies and blocks millions of known hacker attempts each year.

“In response to this attack, however, we have engaged the services of leading cyber-surveillance and security firms, which are actively monitoring and protecting our network,” the release stated. “We have also expanded our internal security team.”

UCLA Health is sending letters to affected individuals with details on how to access the identity theft and restoration services, which individuals will receive over the next few weeks. It has also established a website for patients that may have been impacted (www.myidcare.com/uclaprotection). Patients can also call 877-534-5972.

Photo Facebook

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo