The University of California, Los Angeles (UCLA) Health System revealed on July 17 that they were victims of a large cybersecurity breach. As many as 4.5 million patients have been reportedly exposed.
UCLA Health says that the cyberattack targeted network computers that contain personal data, including names, social security numbers, and medical history, but thus far there is no evidence that any records were taken.
The breach is currently being investigated by the FBI, and UCLA Health says it has also hired computer-forensics experts to help seal its network vulnerabilities and secure data against further attacks.
“We take this attack on our systems extremely seriously,” says Dr. James Atkinson, Interim Associate Vice Chancellor and President, UCLA Hospital System. “We have taken significant steps to further protect data and strengthen our network against another cyber attack.”
In a press release, UCLA Health admits cybercriminals may have had access to patient databases from as early as Sept. 2014. The attack first triggered suspicions a month later, but it wasn’t until May 5, 2015, that UCLA Health says an investigation determined cyberattackers had gained access to private patient data.
UCLA Health says it’s still working with the FBI to determine specifically what, if any, information was taken by hackers.
As a precautionary measure, UCLA Health says it will be reaching out to those possibly affected, and offer them a year of identity theft recovery services and credit monitoring at no cost. Patients with questions or concerns are invited to call UCLA Health via a special hotline at 877-534-5972.