WESTWOOD—Personal and medical information for nearly 4.5 million patients may have been accessed during several cyber attacks that began late last year on the UCLA Health network.
According to the university, there remains no evidence that any data was taken though the possibility can’t be ruled out as the incidents remain under investigation by the FBI.
“We take this attack on our systems extremely seriously,” said Dr. James Atkinson, interim associate vice chancellor and president of the UCLA Hospital System in a statement to the media. “We have taken significant steps to further protect data and strengthen our network against another cyber attack. We sincerely regret any impact this incident may have on those we serve.”
UCLA Health began an investigation with the FBI shortly after it first detected suspicious activity in October 2014. On May 5, discoveries from the investigation revealed that UCLA Health had in fact been hacked.
Among the information the hackers may have gained access to include names, social security numbers, dates of birth and health plan identification numbers. The information was not encrypted according to the university.
UCLA said in a statement that the UC system plans to examine the state of its cyber security across all of its universities and hospitals.
“UC President Janet Napolitano has mobilized an external cyber security group that will assess our security posture across the UC system,” the university said. “The team will review and validate ongoing internal efforts and assess emerging threats and potential vulnerabilities. The information from this external review will inform a broader UC-wide cyber security plan.”
UCLA Health, which currently runs four hospitals in Los Angeles and Santa Monica, said it will offer 12 months of free identity theft recovery services to all of those affected.
Patients with questions can go to myidcare.com/uclaprotection or contact a UCLA Health representative at 877-534-5972, Monday through Friday from 6 a.m. to 6 p.m. PT.