A cyber attack on the computer system of UCLA Health may have exposed the records of up to 4.5 million people, the health system announced today, but there is no evidence so far that any personal or medical information was illegally accessed.
“We take this attack on our systems extremely seriously,” Dr. James Atkinson, interim associate vice chancellor and president of the UCLA Hospital System, said. “Our patients come first at UCLA Health and confidentiality is a critical part of our commitment to care.”
An investigation began in October when UCLA Health staff noticed “suspicious activity.” The health system notified the FBI and hired private forensic computer experts to investigate the breach.
On May 5, “UCLA Health determined that the attackers had accessed parts of the UCLA Health network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information,” according to UCLA. “Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September 2014. We continue to investigate this matter.”
The health system offered all of those potentially affected by the attack a year of identity theft recovery and restoration services. Additionally, “individuals whose Social Security number or Medicare identification number was stored on the affected parts of the network will receive 12 months of credit monitoring,” according to the statement. “These services are being provided to affected individuals at no cost.”
At-risk patients may get further details online at www.myidcare.com/uclaprotection. UCLA also set up a hotline that will be staffed from 6 a.m. to 6 p.m., Monday through Friday. The number is (877) 534- 5972.
University of California President Janet Napolitano has ordered a review of UC cyber security systemwide, her office announced today.
External security experts “will review and validate ongoing internal efforts and assess emerging threats and potential vulnerabilities,” according to a statement from the UC president’s office. “The information from this external review will inform a broader UC-wide cyber security plan.”
—City News Service