Hackers swipe data of 4.5M at UCLA Health System in massive cyberattack
The four-hospital UCLA Health System on Friday notified a staggering 4.5 million of its patients that their protected health information and Social Security numbers were compromised following one of the largest HIPAA breaches ever reported.
Despite the cyberattack having occurred nearly a year ago, in September 2014, officials did not notify patients until July 17. UCLA first detected suspicious activity on its networks back in October 2014, according to a company statement.
[See also: Healthcare adjusts to life as hacker target]
Social Security numbers, medical diagnoses, diseases, clinical procedures, test results, address and dates of birth were all among the data swiped by hackers in the cyberattack.
"We take this attack on our systems extremely seriously," said James Atkinson, MD, interim associate vice chancellor and president of the UCLA Hospital System, in a July 17 statement. "We sincerely regret any impact this incident may have on those we serve."
UCLA Health System's breach announced today follows a series of similar cyberattacks impacting the healthcare industry in recent months. The Anthem cyberattack reported this February, for instance, compromised the Social Security numbers and personal data of nearly 80 million members and employees. In January this year, hackers also struck Premera Blue Cross, which exposed the financial and medical data of another 11 million members.
To date, the UCLA breach is tied for the fourth largest HIPAA breach ever reported, according to data from the Department of Health and Human Services.
As healthcare security consultant Mac McMillan told Healthcare IT News following the massive Anthem breach, "This should serve as yet another wake up call for those who haven't gotten it yet," he said. "Healthcare is a target."
"In today's security environment, large, high-profile organizations such as UCLA Health are under near-constant attack," UCLA Health officials acknowledged in a statement. Each year, they're able to prevent millions of hacker attempts. But not this time around. In response to the attack, UCLA said it is adding to its internal security team and has enlisted help from outside security firms to help monitor and better protect their network.
This is not the first HIPAA breach for the California-based health system. In 2011, the UCLA hospital system reported a breach after a laptop containing patient medical data was stolen from a former employee's home.