You have probably heard by now about the UCLA data breach. The four-hospital UCLA Health System on July 17th, 2015 notified a staggering 4.5 million of its patients that their protected health information and Social Security numbers were compromised following one of the largest HIPAA breaches ever reported.
What is common in these types of attacks, is that the cyberattack occurred nearly a year ago. Officials did not notify patients until this past Friday. UCLA suspected some sort of suspicious activity last October, but for some reason, it was not reported. Many practices and hospitals do this. They try to “fix” the problem. In some cases, they are not even sure if an attack really happened. Social Security numbers, medical diagnoses, diseases, clinical procedures, test results, address and dates of birth were all among the data swiped by hackers in the cyberattack.
In today’s security environment, large, high-profile organizations such as UCLA Health are under near-constant attack,” UCLA Health officials acknowledged in a statement. Each year, they’re able to prevent millions of hacker attempts. But not this time around. In response to the attack, UCLA said it is adding to its internal security team and has enlisted help from outside security firms to help monitor and better protect their network.
In recent months, Premera Blue Cross and Anthem have been hit. According to the Department of Health and Human Services, this breach is tied for the 4th largest HIPAA breach ever reported. Having this happen confirms that healthcare is a target, and hospitals and practices need to take it seriously.
This is not the first HIPAA breach for the California-based health system. In 2011, the UCLA hospital system reported a breach after a laptop containing patient medical data was stolen from a former employee’s home.
Sheryl Cherico, CEO – Tier3MD
UCLA Data Breach