Hackers swipe data of 4.5M at UCLA Health System in massive cyberattack
July 17, 2015 in Medical Technology
The four-hospital UCLA Health System on Friday notified a staggering 4.5 million of its patients that their protected health information and Social Security numbers were compromised following one of the largest HIPAA breaches ever reported.
Despite the cyberattack having occurred nearly a year ago, in September 2014, officials did not notify patients until July 17. UCLA first detected suspicious activity on its networks back in October 2014, according to a company statement.
[See also: Healthcare adjusts to life as hacker target]
Social Security numbers, medical diagnoses, diseases, clinical procedures, test results, address and dates of birth were all among the data swiped by hackers in the cyberattack.
“We take this attack on our systems extremely seriously,” said James Atkinson, MD, interim associate vice chancellor and president of the UCLA Hospital System, in a July 17 statement. “We sincerely regret any impact this incident may have on those we serve.”
UCLA Health System’s breach announced today follows a series of similar cyberattacks impacting the healthcare industry in recent months. The Anthem cyberattack reported this February, for instance, compromised the Social Security numbers and personal data of nearly 80 million members and employees. In January this year, hackers also struck Premera Blue Cross, which exposed the financial and medical data of another 11 million members.
To date, the UCLA breach is tied for the fourth largest HIPAA breach ever reported, according to data from the Department of Health and Human Services.
As healthcare security consultant Mac McMillan told Healthcare IT News following the massive Anthem breach, “This should serve as yet another wake up call for those who haven’t gotten it yet,” he said. “Healthcare is a target.”
This is not the first HIPAA breach for the California-based health system. In 2011, the UCLA hospital system reported a breach after a laptop containing patient medical data was stolen from a former employee’s home.