• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. Cybersecurity
    2. Data Breaches

    UCLA Health Reaches Settlement over Massive 2015 Data Breach

    March 22, 2019
    The agreement includes free credit monitoring, $2 million to reimburse settlement class members, and $5.5 million for a cybersecurity enhancement fund

    UCLA Health has reached a proposed settlement for a cyber attack that the patient care organization disclosed in 2015.

    According to a March 21 news release, “Class-action litigation arising from a cyber attack announced in July 2015 by UCLA Health has been settled by mutual agreement of the plaintiffs and The Regents of the University of California. On February 21, 2019, the judge overseeing the case granted preliminary approval of the proposed settlement, which provides long-term protection for the current and former patients whose personal information was in the attacked computer network.”

    Under the proposed settlement terms, UCLA Health admits no wrongdoing. The academic medical center maintains that it was not liable for the cyber attack and that, following an investigation, there continues to be no evidence that the cyber attackers actually accessed or acquired personal or medical information, according to UCLA Health officials.

    “The parties are entering into this agreement to avoid the expense of further litigation and to provide benefits to the individuals whose information was maintained in UCLA Health's computer network,” officials stated.

    The data breach from 2015 was a massive incident that potentially affected 4.5 million people. The patient data that was breached was not encrypted.

    According to a Forbes report at the time, “UCLA Health first noticed suspicious activity on its network in October 2014 and began an investigation with the FBI. On May 5, 2015, UCLA Health was able to confirm that attackers had accessed parts of UCLA Health's network containing patient information, likely beginning in September 2014.”

    The proposed settlement terms include:

    •   Two years of free credit monitoring, identity protection services, an insurance package and related benefits available to all settlement class members even if they previously obtained the one-year credit monitoring package offered by UCLA Health in 2015.
    • A $2 million fund that will be used to reimburse settlement class members who incurred costs seeking to protect against, or remedy, identity theft.
    •   $5.5 million beyond currently budgeted spending—plus any money remaining in the claims reimbursement fund—for the purpose of expediting and implementing cybersecurity enhancements to the UCLA Health computer network.

    Continue Reading

    Sponsored Recommendations

    Six Cloud Strategies to Combat Healthcare's Workforce Crisis

    The healthcare workforce shortage is a complex challenge, but cloud communications offer powerful solutions to address it. These technologies go beyond filling gaps—they are transformin...

    Transforming Healthcare with AI Powered Solutions

    AI-powered solutions are revolutionizing healthcare by enhancing diagnostics, patient monitoring, and operational efficiency - learn how to integrate these innovations into your...

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.