Login Register Subscribe
Current Issue

UCLA Health hack affects up to 4.5 million people

Reprints

Data from as many as 4.5 million individuals may have been breached in a cyber attack on UCLA Health, the medical organization said.

Hackers may have had access to its network as early as September 2014, the Los Angeles-based health system with four hospitals on two campuses and more than 150 primary and specialty offices said Friday in a statement.

The health system said there is no evidence at this time that the attacker actually accessed or acquired individuals’ personal or medical information, although it “cannot conclusively rule out the possibility.”

UCLA Health, which said it is working with the FBI and private computer forensic experts on the matter, said it first detected suspicious activity in its network in October 2014, although at the time it did not appear attackers had gained access to other parts of the network that contain personal and medical information.

As part of the ensuing investigation, UCLA Health determined on May 5, 2015, that the attackers had accessed parts of its network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information.

The health system said over the next few weeks it will be sending letters to affected individuals with details on how to access identity theft and restoration services it is offering.

“We take this attack on our systems extremely seriously,” Dr. James Atkinson, the interim associate vice chancellor and president of the UCLA Hospital System, said in the statement. “Our patients come first at UCLA Health, and confidentiality is a critical part of our commitment to care. We sincerely regret any impact this incident may have on those we serve. We have taken significant steps to further protect data and strengthen our network against another cyber attack.”

A spokeswoman didn’t respond to a request for information on insurance.