UCLA Health System suffers data breach
Hackers swiped the personal information of as many as 4.5 million patients.
The UCLA Health System on Friday reported a data breach of the protected information of as many as 4.5 million of its patients.
Social Security numbers, dates of birth and addresses, along with medical information, were swiped by hackers in one of the largest HIPAA breaches ever reported.
The health system reported it noticed unusual activity on its computers last fall and began an investigation.
"We take this attack on our systems extremely seriously," said James Atkinson, MD, interim associate vice chancellor and president of the UCLA Hospital System, in a July 17 statement. "We sincerely regret any impact this incident may have on those we serve."
UCLA Health System's breach follows a series of similar cyberattacks affecting the healthcare industry in recent months. The Anthem cyberattack in February compromised the Social Security numbers and personal data of nearly 80 million members and employees.
Hackers also struck Premera Blue Cross, which exposed the financial and medical data of another 11 million members.
HIPAA violations have been levied against healthcare organizations for security breaches in which the Office of Civil Rights holds the health system responsible.
The largest settlement to date has been a whopping $4.8 million fine paid by New York-Presbyterian Hospital and Columbia University Medical Center, after a single physician accidentally deactivated an entire computer server, resulting in electronic patent health information being posted on Internet search engines.
Attorney Matt Fisher, who specializes in HIPAA as co-chairman of Mirick O'Connell's Health Law Group in Worcester, Mass. said, "The other side that's hard to quantify, is what is the financial hit towards reputation and trust? I always see figures that say 30 percent of patients say they would switch providers if their provider suffers a breach."
