The UCLA health system notified 4.5 million patients on Friday that their protected health information had been compromised in one of the largest HIPAA breaches to date. UCLA first noticed suspicious activity on it’s network back in October of 2014, and has determined the breach to be made at some point in September, according to a statement by UCLA.
“We take this attack on our systems extremely seriously,” said James Atkinson, MD, interim associate vice chancellor and president of the UCLA Hospital System, in a July 17 statement. “We sincerely regret any impact this incident may have on those we serve.”
Among the data accessed by the attack were Social Security numbers, medical diagnoses, diseases, clinical procedures, test results, addresses, and dates of birth.
The announcement by UCLA marks the latest in a series of similar large-scale healthcare attacks. This past February nearly 80 million members and employees of Anthem BCBS had their personal data compromised, and in January 11 million members of Premera BCBS had theirs compromised as well.
“This should serve as yet another wake up call for those who haven’t gotten it yet,” healthcare security consultant Mac McMillan said after the Anthem breach in February. “Healthcare is a target.”
