UCLA Breach Impacts Up To 4.5 Million Individuals
By Christine Kern, contributing writer
The announcement came two months after the breach was discovered.
UCLA Health has announced a criminal cyber-attack hit their network, acceding certain personal and medical information of as many as 4.5 million individuals. While there is no evidence that any individual’s personal or medical information was actually compromised, the breach is a significant warning about the need for more proactive security of PHI.
“We take this attack on our systems extremely seriously,” Dr. James Atkinson, interim associate vice chancellor and president of the UCLA Hospital system said. “Our patients come first at UCLA Health and confidentiality is a critical part of our commitment to care.” He also affirmed that they have taken “significant steps” to further protect data and heighten network security against future breaches.
The suspicious activity was first detected in October 2014 and UCLA Health and the FBI investigated. Initially, it did not appear that attackers had gained access to any personal or medical information, but as part of that investigation, on May 5, 2015, UCLA Health determined that such access did occur. Information that might have been compromised included names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers, and medical information. Access to these records may have occurred as early as September 2014.
The new reality is that PHI is a valuable commodity for hackers. “In today’s information security environment, large, high-profile organizations such as UCLA Health are under near-constant attack. UCLA Health identifies and blocks millions of known hacker attempts each year. In response to this attack, however, we have engaged the services of leading cyber-surveillance and security firms, which are actively monitoring and protecting our network. We have also expanded our internal security team. These are just a few of the important measures we are taking to help protect against another cyber-attack,” the UCLA Health statement read.
When CNNMoney asked UCLA Health why it waited so long to make this public, company representative Tod Tamberg explained, “The process of addressing the technological issues surrounding this incident and the logistics of identifying and notifying the potentially affected individuals was time-consuming.”
Healthcare systems, because of their large size and the enormity of the protected data they store, tend to experience breaches of larger numbers of records. In the Anthem data breach, as many as 80 million records were stolen. The Premera health insurance hack affected 11 million individuals, and Community Health Systems suffered a breach of data on 4.5 million patients.
With the rise in cybercriminal activity targeting PHI, healthcare providers need to ensure that they are taking the appropriate steps to protect sensitive patient data, as Health It Outcomes reported.