• E-mail
• Print
• RSS

UCLA health system hacked, 4.5 million people affected

HIM-HIPAA Insider, July 27, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Cyber criminals hacked into part of a computer network at UCLA Health System in California, compromising records of at least 4.5 million people, the university hospital system reported July 17.

There is no evidence yet the hackers obtained access to or acquired individuals’ PHI, although a statement from UCLA Health said the compromised areas of the network contain the following patient information:

• Names
• Addresses
• Birthdates
• Social Security numbers
• Medical record numbers
• Medicare or health plan numbers

The health system is working with the Federal Bureau of Investigation (FBI) and has also hired private computer forensic experts to secure information on network servers.

UCLA Health first detected suspicious activity on its network in October 2014 and began an investigation with the FBI, but it didn’t appear the attackers had gained access to personal or medication information at that time, according to the official statement.

It wasn’t until May 5 that investigators determined the hackers accessed parts of the network containing PHI, said UCLA Health, adding that evidence suggests the hackers may have been active as early as September 2014.

As the investigation continues, the health system is still in the process of notifying possible victims and is offering all 4.5 million people one year of free identity theft and restoration services as well as other healthcare identity protection tools. Additionally, one year of free credit monitoring will be offered to people whose Social Security number or Medicare number was potentially compromised.

“UCLA Health identifies and blocks millions of known hacker attempts each year. In response to this attack, however, we have engaged the services of leading cyber-surveillance and security firms, which are actively monitoring and protecting our network,” read the July 17 statement. “We have also expanded our internal security team. These are just a few of the important measures we are taking to help protect against another cyber-attack.”

In addition to sending letters to potential victims, the health system has also established a website at www.myidcare.com/uclaprotection with more details on how to access fraud detection and prevention services.

This article appeared on HCPro’s HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

• E-mail to a Colleague
• Print
• RSS
• Archive