Officials said they were working with the Federal Bureau of Investigation to track the source of the computer attacks.
The case goes back to October 2014, when UCLA Health first detected suspicious activity in its network and began the investigation with the help of the FBI. As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of its network that contain personal information, such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan identification numbers, and some medical information.
“Patient confidentiality and the protection of personal information are critically important to UCLA Health”.
Further network forensic analysis has suggested that, in fact, the thieves might have succeeded in penetrating those parts of the network that held that data as early as September 2014.
“There is no evidence that the cyber attackers actually accessed or acquired any individual’s personal or medical information, but we can not conclusively rule out that possibility”, UCLA Health stated.
Financial information does not appear to have been involved, according to Atkinson.
The hospital president, Dr. James Atkinson, told the LA Times that the hackers are “a highly sophisticated group likely to be offshore”.
UCLA said that prior to the attack on its system it had been taking steps and spending tens of millions of dollars to strengthen its computer security.
The data were not encrypted (Los Angeles Times, 7/17).
UCLA Health is sending letters to affected individuals with details on how to access the identity theft and restoration services, which individuals will receive over the next few weeks, and has established a website for patients that may have been impacted.
The UC system vowed Friday to learn from the UCLA incident and fortify its defenses across all of its universities and hospitals.
University of California President Janet Napolitano, who has served as Secretary of Homeland Security, ordered outside experts on computer security to assess the security of systems throughout the University of California system and to look for potential vulnerabilities. In both instances, the hospital was fined for the breaches.
The UCLA Health System found itself at the center of a scandal in 2008 involving workers who snooped into the medical records of Britney Spears, Farrah Fawcett and Maria Shriver, among others. Several former employees have been accused of leaking information on high-profile patients to the press.