UCLA Health is the latest healthcare organization to reveal that it has been the target of a malicious cyberattack.
The Los Angeles academic health system disclosed Friday that “criminal hackers” accessed a portion of its network that stored personal and medical data of as many as 4.5 million people.
The breach happened starting last September, and UCLA Health first detected potential wrongdoing a month later, according to the announcement. Working with the Federal Bureau of Investigation and other computer forensic specialists, the organization determined in May that “names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information” may have been exposed.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
“At this time, there is no evidence that the attacker actually accessed or acquired individuals’ personal or medical information,” UCLA Health said in its announcement. “Because UCLA Health cannot conclusively rule out the possibility that the attackers may have accessed this information, however, individuals whose information was stored on the affected parts of the network are in the process of being notified.”
However, UCLA said that its investigation has turned up no evidence that the hackers actually had access to personal or medical data. Still, as has become customary in such breaches, the health system will offer all 4.5 million affected people free identity theft protection and restoration services. UCLA also will provide credit monitoring to those whose Social Security or Medicare ID numbers were exposed.
While UCLA Health is personally attempting to contact all 4.5 million people, anyone who thinks their data may be at risk can visit www.myidcare.com/uclaprotection at any time or call a dedicated hotline, 877-534-5972,weekdays between 6 a.m. and 6 p.m. PDT.
Security experts were quick to respond and, of course, put out statements to the media. Gavin Reid, vice president of threat intelligence at Alpharetta, Ga.-based network security firm Lancope, noted that this disclosure follows recent, high-profile breaches at health insurers Anthem, CareFirst and Premera Blue Cross.
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
“At this point, we probably have more breached medical databases than ones that haven’t been compromised. The problem is that no one wants to spend additional money — and at hospitals you [sic] better be spending that money on a new medical equipment or something that saves lives,” Reid said in a statement e-mailed from a publicist. “The medical industry as a whole has to up its game in security maturity, especially basics like patching, security controls and incident detection and response.”
Photo: Flickr user Christine Kriza
