UCLA Health Cyberattack Affects Data for Up to 4.5 Million Patients

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
The exterior of the Ronald Reagan UCLA Medical Center is shown on Oct. 17, 2014. (Credit: Mark Ralston / AFP / Getty Images)

The exterior of the Ronald Reagan UCLA Medical Center is shown on Oct. 17, 2014. (Credit: Mark Ralston / AFP / Getty Images)

The records of to 4.5 million patients may have been affected by a cyberattack on the UCLA Health network, but there’s no evidence individuals’ information was accessed, the health care system announced Friday.

The attack accessed parts of a computer network that held patient data, but there’s “no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information,”  UCLA Health said in a statement.

However, those patients whose information was stored in the hacked part of the network were in the process of being notified because UCLA Health “cannot conclusively rule out the possibility that the attackers may have accessed this information,” the statement read.

UCLA Health is offering all those affected 12 months of free identity theft recovery and restoration services, as well as additional health care identity protection tools. Those whose Social Security number or Medicare identification number was affected will also receive 12 months of free credit monitoring.

UCLA Health runs four hospitals on two campuses in Los Angeles and Santa Monica, as well as more than 150 primary care and specialty offices throughout Southern California.

Suspicious activity was first detected on the health care system’s network in October 2014, and the FBI became involved in the investigation.

On May 5, UCLA Health learned the attackers had accessed parts of the network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information, according to the statement.

The attackers, believed to be “criminal hackers,” may have accessed those parts of the network as early as September 2014.

In response to the attack, UCLA Health hired cyber-surveillance and security firms, and expanded its internal security team. The network blocks millions of known hacking attempts each year, according to UCLA Health.

Patients with questions can go to myidcare.com/uclaprotection or contact a UCLA Health representative at 877-534-5972, Monday through Friday from 6 a.m. to 6 p.m. PT.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.