You are here

UCLA Health Gets Hacked

Data on 4.5 million individuals may have been compromised

UCLA Health has announced that it was the victim of a criminal cyber attack. While the attackers accessed parts of the computer network that contain personal and medical information, the organization has no evidence that the cyber attacker accessed or acquired any individual’s personal or medical information.

UCLA Health estimates that data on as many as 4.5 million individuals may have been involved in the attack, believed to be the work of criminal hackers. The organization is working with investigators from the Federal Bureau of Investigation (FBI), and has hired private computer forensic experts to further secure information on network servers.

UCLA Health detected suspicious activity in its computer network in October 2014 and began an investigation with assistance from the FBI. At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information. As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of its network that contain personal information, such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan identification numbers, and some medical information. Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September 2014.

Because UCLA Health cannot conclusively rule out the possibility that the attackers may have accessed this information, individuals whose information was stored on the affected parts of the network are in the process of being notified.

To reduce the risk, UCLA Health is offering all potentially affected individuals 12 months of identity theft recovery and restoration services as well as additional health care identity protection tools. In addition, individuals whose Social Security number or Medicare identification number was stored on the affected parts of the network will receive 12 months of credit monitoring. These services are being provided to affected individuals at no cost.

The recent attack is the latest in a recent string of high-volume breaches. Health insurers Anthem and Premera Blue Cross discovered data breaches earlier this year, with the former’s attack compromising the personal health information of 80 million customers. A hack of CareFirst announced in May also compromised information for approximately 1.1 million current and former consumers.

Last summer, a breach of Franklin, Tennessee-based Community Health Systems, which operates 206 hospitals in 29 states, also compromised information for about 4.5 million consumers.

Sources: UCLA Health; July 17, 2015; and FierceHealthIT; July 17, 2015.


Recent Headlines

Potential contamination could lead to supply chain disruptions
Despite older, sicker patients, mortality rate fell by a third in 10 years
Study finds fewer than half of trials followed the law
WHO to meet tomorrow to decide on international public heath emergency declaration
Study of posted prices finds wild variations and missing data
Declining lung cancer mortality helped fuel the progress
Kinase inhibitor targets tumors with a PDGFRA exon 18 mutation
Delayed surgery reduces benefits; premature surgery raises risks
Mortality nearly doubled when patients stopped using their drugs