4.5 Million Patients Affected in UCLA Health System Data Breach


Chad Terhune at the Los Angeles Times reported that following the colossal breach at Anthem Inc. that affected over 80 million Americans this past year, hackers found a simple loophole in UCLA Health System’s security and exploited it. So, what was the simple loophole? UCLA Health Systems failed to encrypt patient data.

Data encryption is considered by security experts to be the simplest of data safeguards, as it is often implemented as a first step. Dr. Deborah Peel, founder of Patient Privacy Rights in Austin, Texas, says that “These breaches will keep happening because the healthcare industry has built so many systems with thousands of weak links.”

Although the breach determination was a recent revelation, as of May 5, 2015, UCLA Health had been investigating the issue with the FBI since October 2015. According to Dr. James Atkinson, interim president of the UCLA Hospital System, the hospital detected unusual activity on one of its servers in October and, with help from the FBI, determined that the hackers had gained access to patient information in UCLA Health’s network. The hack included access to names, dates of birth, Social security numbers, Medicare and health plan identification numbers, and even diagnoses and procedures.

UCLA Health System told reporters that it had spent tens of millions of dollars to strengthen its network security, however its failure to encrypt patient data was all the hackers needed to get into the system – as was the case with Anthem. Data security experts are now calling on all healthcare organizations to significantly invest in patient data encryption in order to prevent massive hacks in the industry.

UCLA Health System will no doubt need to increase their data security spending and efforts to prevent major fallout from the attack. Moreover, federal health officials may be looking to levy significant fines for violations under the Health Insurance Portability and Accountability Act (HIPAA).

If you’d like to read the full article, please visit the Los Angeles Times.

If you’d like to know how your organization can take steps to lower your risk of hacks and data breach, please view our HIPAA Services and contact us.