Journal of Advanced Practice Nursing

UCLA Health Hacked, 4.5 Million Victims


By Jose Pagliery

Hackers broke into the massive hospital network of the University of California, Los Angeles, accessing computers with sensitive records of 4.5 million people.

Names, medical information, Social Security numbers, Medicare numbers, health plan IDs, birthdays and physical addresses -- all were potentially stolen, according to the university.

That could affect anyone who has visited -- or works -- at the university's medical network, UCLA Health, which includes four hospitals and 150 offices across Southern California.

UCLA Health made this announcement on Friday -- two months after it discovered the extent of the data breach.

Evidence collected by UCLA Health indicates hackers slipped into computers in September 2014. The next month, university network alarms "detected suspicious activity," and UCLA Health called in the FBI for help.

"At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information," UCLA Health said in a statement.

That changed on May 5, when UCLA claims it discovered hackers actually accessed computers with sensitive records.

The hospital group is now notifying staff and patients, offering them one year of identity theft recovery services.

When asked UCLA Health why it waited so long to make this public. A company representative, Tod Tamberg, said: "The process of addressing the technological issues surrounding this incident and the logistics of identifying and notifying the potentially affected individuals was time-consuming."

However, UCLA Health stresses it can't yet be sure that hackers actually accessed -- or stole -- the records themselves.

The FBI said it's currently trying to determine "the nature and scope" of the incident.

The UCLA Hospital System's president, Dr. James Atkinson, apologized to the public in a statement. The hospital group also noted it is under "near-constant attack" by hackers -- blocking "millions of known hacker attempts each year."

UCLA Health said the hack forced it to employ more cybersecurity experts on its internal security team, and to hire an outside cybersecurity firm to guard its network.

Hospitals, health insurance companies, and universities have all become a frequent target for hackers seeking massive databases of personal information. Profile data, Social Security numbers and health records sell on the black market. Illegal data brokers amass large databases of this stolen information, then sell access to identity thieves.

Health care tends to lose larger numbers of records. When insurance giant Anthem was hacked, up to 80 million records were stolen. The Premera health insurance hack hit 11 million people. Hackers also stole data on 4.5 million Community Health System patients.

Universities get slammed as well. Last year, hackers stole 310,000 University of Maryland records. This year, Auburn University exposed its students' Social Security numbers. North Dakota University, Butler University, and Indiana University have all exposed the private information of hundreds of thousands of students.


Articles in this issue:

Leave a Comment

Please keep in mind that all comments are moderated. Please do not use a spam keyword or a domain as your name, or else it will be deleted. Let's have a personal and meaningful conversation instead. Thanks for your comments!

Image Captcha  



Editor-in Chief:
Kirsten Nicole

Editorial Staff:
Kirsten Nicole
Stan Kenyon
Robyn Bowman
Kimberly McNabb
Lisa Gordon
Stephanie Robinson

Kirsten Nicole
Stan Kenyon
Liz Di Bernardo
Cris Lobato
Elisa Howard
Susan Cramer