UCLA Health Reaches Settlement over Massive 2015 Data Breach

March 22, 2019
The agreement includes free credit monitoring, $2 million to reimburse settlement class members, and $5.5 million for a cybersecurity enhancement fund

UCLA Health has reached a proposed settlement for a cyber attack that the patient care organization disclosed in 2015.

According to a March 21 news release, “Class-action litigation arising from a cyber attack announced in July 2015 by UCLA Health has been settled by mutual agreement of the plaintiffs and The Regents of the University of California. On February 21, 2019, the judge overseeing the case granted preliminary approval of the proposed settlement, which provides long-term protection for the current and former patients whose personal information was in the attacked computer network.”

Under the proposed settlement terms, UCLA Health admits no wrongdoing. The academic medical center maintains that it was not liable for the cyber attack and that, following an investigation, there continues to be no evidence that the cyber attackers actually accessed or acquired personal or medical information, according to UCLA Health officials.

“The parties are entering into this agreement to avoid the expense of further litigation and to provide benefits to the individuals whose information was maintained in UCLA Health's computer network,” officials stated.

The data breach from 2015 was a massive incident that potentially affected 4.5 million people. The patient data that was breached was not encrypted.

According to a Forbes report at the time, “UCLA Health first noticed suspicious activity on its network in October 2014 and began an investigation with the FBI. On May 5, 2015, UCLA Health was able to confirm that attackers had accessed parts of UCLA Health's network containing patient information, likely beginning in September 2014.”

The proposed settlement terms include:

  •   Two years of free credit monitoring, identity protection services, an insurance package and related benefits available to all settlement class members even if they previously obtained the one-year credit monitoring package offered by UCLA Health in 2015.
  • A $2 million fund that will be used to reimburse settlement class members who incurred costs seeking to protect against, or remedy, identity theft.
  •   $5.5 million beyond currently budgeted spending—plus any money remaining in the claims reimbursement fund—for the purpose of expediting and implementing cybersecurity enhancements to the UCLA Health computer network.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?