“We have taken significant steps to further protect data and strengthen our network against another cyber attack”.

A cyberattack at the UCLA Health System has potentially affected as many as 4.5 million patients.

Although there is no evidence information was actually taken, UCLA Health is working with the FBI to investigate the attack.

UCLA Health said in a statement that while there’s no evidence hackers acquired personal or medical data, it can’t be ruled out yet.

An entrance to Ronald Reagan UCLA Medical Center, which is part of UCLA Health. We sincerely regret any impact this incident may have on those we serve.

Crucially, UCLA Health confirmed the data was not encrypted, the report said, meaning the data – if accessed or stolen – could be used to steal the identities or other personal information of those affected.

That changed on May 5, when investigators eventually realized the digital intruders had gotten into the database with names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information.

An investigation began in October when UCLA Health staff noticed “suspicious activity”. UCLA Health is sending letters to individuals with details on how to access identity theft and restoration services. At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information. They’re also offering 12 months of credit monitoring for anyone whose Social Security or Medicare information was stored on the affected part of their network. Those who are concerned can go to www.myidcare.com/uclaprotection, or can contact a UCLA Health representative via a special hotline at 877-534-5972, from 6 a.m.to 6 p.m. Pacific time on weekdays.

The organization says that large sites like itself are under “near-constant attack” and that they identify and block millions of known hacking attempts every year.

UCLA said in a statement that the UC system plans to examine the state of its cyber security across all of its universities and hospitals. “The team will review and validate ongoing internal efforts and assess emerging threats and potential vulnerabilities”.