UCLA Health System Says Patient Data Breach Hit Up to 4.5 Million

The UCLA Health System said Friday that it has been the victim of a criminal cyberattack affecting as many as 4.5 million patients. The attackers accessed a computer network that contains personal and medical information. The university said there was no evidence yet that any such data was taken, but it can't rule out that possibility while the investigation continues.

UCLA said it was working with the FBI and had hired private computer forensic experts to further secure network servers.

"We take this attack on our systems extremely seriously," said Dr. James Atkinson (pictured), interim associate vice chancellor and president of the UCLA Hospital System. "We sincerely regret any impact this incident may have on those we serve."

In an interview, Atkinson said the hospital saw unusual activity in one of its computer servers in October and began investigating with assistance from the FBI.

The investigation confirmed May 5 that the hackers had gained access to parts of UCLA Health's computer system where some patient information was stored.

The hackers gained access to names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information like patient diagnoses and procedures.

Atkinson said at this point it doesn't appear credit card and other financial information was accessed.

"They are a highly sophisticated group (of hackers) likely to be offshore," Atkinson said. "We really don't know. It's an ongoing investigation."

UCLA said the patient information that hackers gained access to was not encrypted.

The failure to take that additional precaution has generated criticism in other high-profile cyberattacks. In February, health insurance giant Anthem Inc. said it had suffered a breach exposing the personal information of about 80 million people.

The insurer said the information involved was not encrypted in its database. But the company said that additional security would not have stopped the attack because...

Comments are closed.