On July 17, the Los Angeles-based UCLA Health System was hacked, with a massive data breach potentially affecting 4.5 million people. What’s more, it turns out that the data involved had not been encrypted.
According to a Los Angeles Times report posted online at 5:51 PM Pacific time on Friday, “[H]ackers broke into UCLA Health System's computer network and may have accessed sensitive information on as many as 4.5 million patients, hospital officials said.This cyberattack at UCLA comes on the heels of a major breach of federal employee records and a massive hack at health insurance giant Anthem Inc. affecting 80 million Americans this year.”
The L.A. Times report, written by Chad Terhune, went on to say that “The intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling. The revelation that UCLA hadn't taken the basic step of encrypting this patient data drew swift criticism from security experts and patient advocates, particularly at a time when cybercriminals are targeting so many big players in healthcare, retail and government,” Terhune went on to say.
And in his report, Terhune quoted Dr. Deborah Pell, founder of Patient Privacy Rights in Austin, Texas, as saying, “These breaches will keep happening because the healthcare industry has built so many systems with thousands of weak links.”
In response to the cyberattack, UCLA officials said that they are working with the FBI, and have hired IT forensic experts to further secure the organization’s network. “We take this attack on our systems extremely seriously,” Dr. James Atkinson, interim president of the UCLA Hospital System, told the L.A. Times. “For patients that entrust us with their care, their privacy is our highest priority. We deeply regret this has happened.”
Healthcare Informatics will update readers as new developments emerge in this story.