UCLA Health hospitals say hackers may have accessed personal information and medical records on 4.5 million patients.
The California medical group admitted today that miscreants infiltrated its computer systems as long ago as September. It is possible the intruders accessed databases holding patient names, addresses, dates of birth, social security numbers, medical records, health plan numbers, details of medical conditions, lists of medications, and medical test results.
UCLA Health said by October its IT staff thought something fishy was going on, and realized that patient data was at risk months later on May 5. We’re told that sensitive information on “UCLA Health patients and providers who sought privileges at any UCLA Health hospital” could have been viewed by the crims.
Hospital bosses aren’t convinced the attackers were able to copy the information out of the network, and claim it’s possible the hackers may not have viewed the medical records. El Reg reckons that’s wishful thinking.
“While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information,” the group said in a statement.
“UCLA Health estimates that data on as many as 4.5 million individuals potentially may have been involved in the attack, believed to be the work of criminal hackers.”
Another day, another breach. No matter what company, organization, or government agency has your data in a computer, that personally identifiable information is at great risk of being compromised by nation state attackers, criminals, or even hacktivists.