HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Jul
17

UCLA Health System hacked, 4.5 million people affected

Email This Post Print This Post

Cyber criminals hacked into part of a computer network at UCLA Health System in California, compromising records of at least 4.5 million people, the university hospital system reported on Friday.

There is no evidence yet the hackers obtained access to or acquired individuals’ PHI, although the compromised areas of the network do contain names, addresses, birthdates, Social Security numbers, medical record numbers, Medicare or health plan numbers, and other medical information, according to a statement from UCLA Health.

The health system is working with the FBI and has also hired private computer forensic experts to secure information on network servers.

UCLA Health first detected suspicious activity on its network in October 2014 and began an investigation with the FBI, but it didn’t appear the attackers had gained access to personal or medication information at that time, according to Friday’s statement.

It wasn’t until May 5 that investigators determined the hackers did access parts of the network containing PHI, said UCLA Health, adding that evidence suggests the hackers may have been active as early as September 2014.

As the investigation continues, the health system is still in the process of notifying possible victims and is offering all 4.5 million people one year of free identity theft and restoration services as well as other healthcare identity protection tools. Additionally, one year of free credit monitoring will be offered to people whose Social Security number or Medicare number was potentially compromised.

“UCLA Health identifies and blocks millions of known hacker attempts each year. In response to this attack, however, we have engaged the services of leading cyber-surveillance and security firms, which are actively monitoring and protecting our network,” read Friday’s statement. “We have also expanded our internal security team. These are just a few of the important measures we are taking to help protect against another cyber attack.”

In addition to sending letters to potential victims, the health system has also established a website at www.myidcare.com/uclaprotection with more details on how to access fraud detection and prevention services.

Comments

  1. Jose A. Madrid says:

    Tried to register by phone and, I was directed to the web site. I am not sure this is the proper place to register since there so many links. Please notify me if there is a better lik.

  2. John Castelluccio says:

    Jose, it sounds like they want people to register for the service online, but you can only do so once you receive an official notice in the mail with an access code. There is some more information on the process here: https://www.uclahealth.org/Pages/Data-2015.aspx

  3. how do I enroll after the cyber attack?

  4. John Castelluccio says:

    Patricia, if you follow this link: https://www.uclahealth.org/Pages/Data-2015.aspx, you should be able to find information about enrolling in the service.

Leave a Reply