UCLA Hacked, Data Breach Affects 4.5 Million Victims

The hospital and medical system of the University of California, Los Angeles has revealed that it was the victim of a targeted cyberattack that may have compromised the medical and personal information of as many as 4.5 million people, according to a report at CNNMoney.

“Our investigation has revealed that the personal information of about 4.5 million individuals, including UCLA Health patients and providers who sought privileges at any UCLA Health hospital, was maintained on the impacted parts of the UCLA Health network,” said UCLA Health in a statement.

Potential victims are said to include anyone who has visited or works at UCLA Health, the university’s medical network. UCLA Health encompasses four hospitals and over 150 offices in Southern California.

According to the university, victims’ stolen data is likely to include:

  • Names
  • Social Security Numbers
  • Physical Address
  • Medical Information
  • Medicare numbers
  • Health Plan IDs
  • Medications
  • Procedures
  • Test Results
  • Birthdays and more.

The announcement was made on Friday by UCLA Health, two months after the university discovered the extent of the data breach.

The Cyber Attack Resulting in the Data Breach

Initial evidence collected by UCLA Health shows that hackers penetrated the university’s networks and computers as early as September 2014. In October, UCLA Health sought help from the FBI after the university network “detected suspicious activity.”

“At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information,” UCLA Health noted in the statement.

On May 5, it was discovered that hackers had indeed accessed computers and networks which contained sensitive patient records.

Asked why the hospital network had waited for months before making the breach public, Tom Tamberg, a company representative, told CNNMoney that “the process of addressing the technological issues surrounding this incident and the logistics of identifying and notifying the potentially affected individuals was time-consuming.”

Healthcare organizations, a prime target

The UCLA Health breach is just the latest in a spate of recent healthcare hacks.

The hospital stressed in its statement that, like other large organizations, it is “under near-constant attack” from hackers, with millions of attempts to breach its network routinely blocked every year.

Jeff Hill, a security researcher, noted that medical records are valuable “because they contain a wealth of sensitive information that can’t be changed or cancelled like a credit card number (e.g., Social Security numbers, dates of birth), a stolen medical record is an order of magnitude more valuable than a credit card.”

UCLA Health added that it is actively working with the FBI and external security consultants who specialize in services such as Digital Forensics and Data Breach Response.

UCLA Health is now in the process of notifying its staff and patients about the breach. The hospital group is also offering free identity theft protection, and each of its 4.5 million victims also gets a million-dollar fraud insurance policy.