Another Healthcare Security Leak—This Time 4.5 Million via UCLA

UCLA hack

What Happened?

Following an influx of healthcare data breaches, UCLA Health System follows suit with the announcement that their computer network may too have been compromised.

On May 5, UCLA determined that hackers had gained access to parts of their network where sensitive patient information was stored.

Exposed data included the victims’ names, dates of birth, Social Security numbers, Medicare and health plan identification numbers and medical data of patients. Exposed patient data dates back to 1990.

Fraudsters may use this data to commit identity theft or misuse or sell medical information to obtain free services or elicit drugs using victim’s name — this is known as medical identity theft. Medical identity theft is the fastest growing identity crime, and costs victims an average of $13,450 in out-of-pocket expenses to resolve.

These targets are so lucrative that it’s no surprise medical centers are now seen as a hub for cybercrime. In 2014, the Identity Theft Resource Center determined that the healthcare industry made up 42.5 percent of all reported breaches. This allowed the healthcare community to continue their three-year trend as the most-breached professional sector.

UCLA is currently working with the FBI to investigate the matter. The university said there was no evidence yet that this patient data was taken or misused, but it can’t rule out that possibility until the investigation is completed.

What Should You Do?

Due to the sensitive nature of the information that has been exposed, UCLA patients are now at an increased risk of fraud and identity theft. Anyone potentially impacted by this breach should be vigilant about minimizing fraud risks, including taking the following actions:

  • Check your credit report.
  • Consider placing a 90-day fraud alert or credit freeze on your credit file.
  • Frequently review medical records/statements for inaccuracies and signs of medical identity theft.
  • Be your own best advocate at your doctor’s office. Voice privacy concerns, ask how information is stored and investigate the security track record of your care providers.

UCLA is currently offering impacted individuals with one year of free identity theft protection and credit monitoring services. For more information, please visit or call the university at 877-534-5972.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.