Cyber-attack against the UCLA hospital system could jeopardize 4.5 million

Atkinson said the hospital detected unusual activity on one of its computer servers in October and began investigating with help from the FBI.

University of California (UCLA) Health, which runs four hospitals on the university’s campuses, has become the latest victim of cyber-attack.

“Our patients come first at UCLA Health, and confidentiality is a critical part of our commitment to care”, noted Atkinson.

The hospital announced the data breach on its website, stating that the compromised information could include “name, address, date of birth, social security number, medical record number, Medicare or health plan ID number, and some medical information (e.g., medical condition, medications, procedures, and test results)”. While the attackers accessed parts of the computer network that contain personal and medical information, the organization has no evidence that the cyber attacker accessed or acquired any individual’s personal or medical information.

UCLA said Friday that it’s working with the Federal Bureau of Investigation and had hired computer forensic experts to further secure its network.

Atkinson said it doesn’t appear that credit card and other financial information was involved. “We really don’t know”.

According to the Times, some experts questioned UCLA’s lack of encryption, given other recent security incidents. UCLA Health added that it has also expanded the size of its internal security team. Hackers may have accessed information on as many as 4.5 million patients.

The data were not encrypted (Los Angeles Times, 7/17).

Computer hackers spent months hacking into the systems at the University of California, Los Angeles hospital system.

In a statement, the university system said President Janet Napolitano has established an external cybersecurity group that will examine the “security posture across the UC system” and “assess emerging threats and potential vulnerabilities”.

“We live in a digital age which brings tremendous benefits”, he said.

UCLA said it’s sending letters to affected patients, which include many of its own staff and faculty. Several former employees have been accused of leaking information on high-profile patients to the press. In both instances, the hospital was fined for the breaches.

In an astutely proactive response and in an effort to ease concerns of patients whose information may have been accessed, the health system is offering 12 months of identity theft protection to potentially affected individuals, plus additional health care identity protection tools, it said in a statement.