As many as 4.5 million patient files may have been breached by a cyber attack on the UCLA Health system, but there is no evidence yet that any personal or medical information has been accessed, officials said Friday.
The attack may have occurred as early as last September. In October, UCLA Health administrators said they detected some suspicious activity and began an investigation with the FBI.
Though at the time it didn’t appear that attackers had infiltrated the system, an investigation continued, and by May administrators found that the UCLA Health network, which includes the Ronald Reagan Medical Health Center, contains names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information that could have been accessed in the cyber attack.
“We take this attack on our systems extremely seriously,” said Dr. James Atkinson, the interim associate vice chancellor and president of the UCLA Hospital System. “Our patients come first at UCLA Health, and confidentiality is a critical part of our commitment to care. We sincerely regret any impact this incident may have on those we serve. We have taken significant steps to further protect data and strengthen our network against another cyber attack.”
Though there is still no evidence that the attacker accessed personal or medical information, UCLA Health administrators said investigators cannot rule out that attackers may have that information. UCLA Health is sending letters to individuals with details on how to access identity theft and restoration services. Those who are concerned can go to www.myidcare.com/uclaprotection, or can contact a UCLA Health representative via a special hotline at 877-534-5972, from 6 a.m. to 6 p.m. Pacific time on weekdays.
“In today’s information security environment, large, high-profile organizations such as UCLA Health are under near-constant attack,” according to a UCLA statement. “UCLA Health identifies and blocks millions of known hacker attempts each year.”
UCLA Health officials said they have hired a leading cyber-surveillance and security firm to monitor and protect the network. The internal security team has also been expanded.
Source: Daily Bulletin