As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of its network that contain personal information, such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan identification numbers, and some medical information.
Advertisement
In 2014, it seemed that UCLA had dodged the bullet and that the hackers had been unable to access personal and medical information. UCLA first detected suspicious activity on its networks back in October 2014, according to a company statement.
On Friday, UCLA Health announced that it suffered a cyberattack that could have compromised the personal information of up to 4.5 million individuals, the Los Angeles Times reports. UCLA Health is working with investigators from the Federal Bureau of Investigation, and has hired private computer forensic experts to further secure information on network servers.
An FBI spokeswoman said the agency “is looking into the nature and scope of the matter, as well as the person or group responsible” for the UCLA breach.
“We take this attack on our systems extremely seriously”, Interim Associate Vice Chancellor and President of the UCLA Hospital System Dr. James Atkinson said in a statement.
UCLA said that before the attack occurred it had been taking efforts and investing in boosting computer security.
According to the Times, some experts questioned UCLA’s lack of encryption, given other recent security incidents. Anthem faced similar criticism over its failure to encrypt the information that was exposed to hackers during its cyberattack. “If our premium universities don’t learn from experience, what can we expect from other, less-learned organizations?”
To date, the UCLA breach is tied for the fourth largest HIPAA breach ever reported, according to data from the Department of Health and Human Services.
The UC system said it will boost defenses across its universities and hospitals.
University of California President Janet Napolitano ordered an outside cyber security group to assess the computer security system throughout the UC system and look for potential vulnerabilities. “But electronic health records come with the risk of this”.
Advertisement
UCLA Health is sending notice to the affected individuals and offering one year of free identity theft recovery and restoration services and a year of free credit monitoring. UCLA Health runs four hospitals and numerous clinics. Several former employees have been accused of leaking information on high-profile patients to the press.
