Skip to content Skip to navigation

BREAKING NEWS: UCLA Health System Hit By Massive Data Breach: 4.5 Million May Be Affected

July 17, 2015
by Mark Hagland
| Reprints
On Friday, UCLA Health System was hacked, causing a massive data breach potentially affecting 4.5 million people

On July 17, the Los Angeles-based UCLA Health System was hacked, with a massive data breach potentially affecting 4.5 million people. What’s more, it turns out that the data involved had not been encrypted.

According to a Los Angeles Times report posted online at 5:51 PM Pacific time on Friday, “[H]ackers  broke into UCLA Health System's computer network and may have accessed sensitive information on as many as 4.5 million patients, hospital officials said.This cyberattack at UCLA comes on the heels of a major breach of federal employee records and a massive hack at health insurance giant Anthem Inc. affecting 80 million Americans this year.”

The L.A. Times report, written by Chad Terhune, went on to say that “The intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling. The revelation that UCLA hadn't taken the basic step of encrypting this patient data drew swift criticism from security experts and patient advocates, particularly at a time when cybercriminals are targeting so many big players in healthcare, retail and government,” Terhune went on to say.

And in his report, Terhune quoted Dr. Deborah Pell, founder of Patient Privacy Rights in Austin, Texas, as saying, “These breaches will keep happening because the healthcare industry has built so many systems with thousands of weak links.”

In response to the cyberattack, UCLA officials said that they are working with the FBI, and have hired IT forensic experts to further secure the organization’s network. “We take this attack on our systems extremely seriously,” Dr. James Atkinson, interim president of the UCLA Hospital System, told the L.A. Times. “For patients that entrust us with their care, their privacy is our highest priority. We deeply regret this has happened.”

Healthcare Informatics will update readers as new developments emerge in this story.







ONC National Coordinator Gets Live Look at Carequality Data Exchange

Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.

American Red Cross, Teladoc to Provide Telehealth Services to Disaster Victims

The American Red Cross announced a partnership with Teladoc to deliver remote medical care to communities in the United States that are significantly affected by disasters.

Report: The Business of Cybercrime in Healthcare is Growing

While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.

Phishing Attack at Baystate Health Potentially Exposes Data of 13K Patients

A phishing scam at Baystate Health in Springfield, Mass. has potentially exposed the personal data of 13,000 patients, according to a privacy statement from the patient care organization and a report from MassLive.

New Use Cases Driving Growth in Health Data Exchange through Direct

In an update, DirectTrust reported significant growth in Direct exchange of health information and the number of trusted Direct addressed enabled to share personal health information (PHI) in the third quarter of 2016.

Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.