4.5 Million-Victims Hit in UCLA Health Hack

The multi-site health division of the University of California Los Angeles (UCLA) suffered an attack that could infect as many as 4.5 million people. The university went public with the news that hackers had broken into the network of UCLA Health, which maintains patient information, such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare and health plan ID numbers and medical information.

So far forensic experts said they have seen no evidence that the cyber criminals have looked at or acquired any of the data. However, the investigation, which includes the Federal Bureau of Investigation, continues.

The case goes back to October 2014, when UCLA Health first detected suspicious activity in its network and began the investigation with the help of the FBI. By May 5, 2015, the health system had determined that the attackers had accessed parts of its network and may have had access as early as September 2014. On July 17 the institution began notifying those people whose information was maintained on the servers.

The university is also doing an investigation of computer systems across the entire campus, which serves about 29,000 students. UCLA Health runs four hospitals and numerous clinics.

To mitigate risk, the university is informing those who may have been victims that they can request 12 months of identity theft recovery and restoration services and additional health care identity protection tools. Also, those whose Social Security number or Medicare identification number was stored on the affected parts of the network will receive 12 months of credit monitoring. The services are being provided at no cost.

The university has also set up a Web site and phone hotline to answer questions.

"Patient confidentiality and the protection of personal information are critically important to UCLA Health. We sincerely regret the impact this attack may have on affected individuals and have dedicated significant resources to assist members of our UCLA community who will have questions and concerns about how this attack may potentially affect them personally," wrote Chancellor Gene Block in a letter to the campus community. "Please know that UCLA Health is committed to the safeguarding of patient information. We take this attack very seriously and are working diligently to prevent similar attacks in the future."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education.

  • glowing digital brain interacts with an open book, with stacks of books beside it

    Federal Court Rules AI Training with Copyrighted Books Fair Use

    A federal judge ruled this week that artificial intelligence company Anthropic did not violate copyright law when it used copyrighted books to train its Claude chatbot without author consent, but ordered the company to face trial on allegations it used pirated versions of the books.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.