Hospital networks at the University of California, Los Angeles, were compromised when hackers broke into the university hospital network accessing the sensitive information on more than 4.5 million patients.
Information potentially stolen in the UCLA Health breach includes, first and last names, medical information, Social Security numbers, Medicare numbers, health plan IDs, dates of birth and physical addresses.
According to the university, individuals affected in the breach include anyone who has visited or works at the university’s medical network, UCLA Health, which includes four hospitals and 150 offices spanning Southern California.
UCLA Health announced Friday that evidence collected by the university indicates that hackers initially broke into the hospitals computer systems in September 2014. Just one month later, university officials “detected suspicious activity” on the network and immediately contacted the FBI for help moving forward, a tactic the FBI has longed for years.
“At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information,” UCLA Health wrote in a statement Friday.
However, during an investigation on May 5th, officials discovered evidence that hackers had broke into UCLA Health networks and stole millions of patients sensitive records.
UCLA Health is now in the process of notifying affected staff and patients, offering them one year of complementary identity theft services.
UCLA Health stresses that it can’t confirm that hackers broke into their network and stole the records themselves, presumably trying to downplay the breach before an official investigation confirms any type of unauthorized access.
“We take this attack on our systems extremely seriously,” said James Atkinson, the interim associate vice chancellor and president of the UCLA Hospital. “Our patients come first at UCLA Health and confidentiality is a critical part of our commitment to care. We sincerely regret any impact this incident may have on those we serve. We have taken significant steps to further protect data and strengthen our network against another cyber attack.”
In reaction to the breach, UCLA Health employed more cybersecurity professionals, adding to their internal security team, as well as hired an outside security firm to safeguard their network from sophisticated cyberrattacks in the future.
Hospitals, health insurance companies and universities have become the top three targets for hackers seeking massive swaths of personal information. Medical records, personal information and Social Security numbers are always in high-demand on the black market.
Health care companies tend to be affected the most in data breaches. Such as when health insurance giant Anthem was hacked, where some 80 million records were stolen. Similar to the Premera health insurer hack, where some 11 million financial and medical records were stolen. And most recently, CareFirst health insurer suffered a breach, where 1.1 million patients had their personal information stolen by hackers.
Universities are also among top targets for hackers, as just last year hackers stole over 310,000 records from the University of Maryland. Alongside that, universities including Harvard, North Dakota, Penn. State, Butler and Indiana have all had the private information of students and staff exposed.
UCLA Health acknowledged that their hospital and university are under “near-constant attack,” and that the university “blocks millions of known hacker attempts each year.” However, hackers made it past UCLA Health’s countermeasures and had network access for the better part of ten months.